Merge pull request #34 from rancher/bundle-name-explanation

Bundle Name Explanation
2022-12-21 12:26:55 +01:00 · 2022-12-21 12:26:55 +01:00 · 1a8004c7a9
parent 15b7f77185 8a3a4f104d
commit 1a8004c7a9
5 changed files with 43 additions and 40 deletions
--- a/docs/cluster-bundles-state.md
+++ b/docs/cluster-bundles-state.md
@ -1,4 +1,4 @@
-# Cluster and Bundle state
+# Cluster and Bundle State

 Clusters and Bundles have different states in each phase of applying Bundles.

--- a/docs/gitrepo-add.md
+++ b/docs/gitrepo-add.md
@ -62,8 +62,9 @@ spec:
  # clientSecretName: my-ssh-key
  #
  # If fleet.yaml contains a private Helm repo that requires authentication,
-  # provide the credentials in a K8s secret and specify them here. Details are provided
-  # in the fleet.yaml documentation.
+  # provide the credentials in a K8s secret and specify them here.
+  # Danger: the credentials will be sent to all repositories referenced from
+  # this gitrepo. See section below for more information.
  #
  # helmSecretName: my-helm-secret
  #
@ -120,7 +121,7 @@ spec:
  # targets: ...
 ```

-## Adding private repository
+## Adding private git repository

 Fleet supports both http and ssh auth key for private repository. To use this you have to create a secret in the same namespace.

@ -197,6 +198,28 @@ Just like with SSH, reference the secret in your GitRepo resource via `clientSec
      branch: main
      clientSecretName: basic-auth-secret

+## Using Private Helm Repositories
+
+:::warning
+The credentials will be used unconditionally for all Helm repositories referenced by the gitrepo resource.
+Make sure you don't leak credentials by mixing public and private repositories. As a workaround, split them into different gitrepos.
+:::
+
+For a private Helm repo, users can reference a secret with the following keys:
+
+1. `username` and `password` for basic http auth if the Helm HTTP repo is behind basic auth.
+
+2. `cacerts` for custom CA bundle if the Helm repo is using a custom CA.
+
+3. `ssh-privatekey` for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently.
+
+For example, to add a secret in kubectl, run
+
+`kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem`
+
+After secret is created, specify the secret to `gitRepo.spec.helmSecretName`. Make sure secret is created under the same namespace with gitrepo.
+
+
 # Troubleshooting

 See Fleet Troubleshooting section [here](./troubleshooting.md).
--- a/docs/gitrepo-structure.md
+++ b/docs/gitrepo-structure.md
@ -2,6 +2,10 @@

 Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a `fleet.yaml` is found.

+Each bundle is created from paths in a GitRepo and modified further by reading the discovered `fleet.yaml` file.
+Bundle lifecycles are tracked between releases by the helm releaseName field added to each bundle. If the releaseName is not
+specified within fleet.yaml it is generated from `GitRepo.name + path`. Long names are truncated and a `-<hash>` prefix is added.
+
 **The git repository has no explicitly required structure.** It is important
 to realize the scanned resources will be saved as a resource in Kubernetes so
 you want to make sure the directories you are scanning in git do not contain
@ -80,7 +84,7 @@ helm:
  # value of `chart` will be used as the chart name to lookup in the Helm repository.
  repo: https://charts.rancher.io
  # A custom release name to deploy the chart as. If not specified a release name
-  # will be generated.
+  # will be generated by combining the invoking GitRepo.name + GitRepo.path.
  releaseName: my-release
  # The version of the chart or semver constraint of the chart to find. If a constraint
  # is specified it is evaluated each time git changes.
@ -219,23 +223,10 @@ dependsOn:
  - name: one-multi-cluster-hello-world
 ```

-:::info
+### Private Helm Repositories

-For a private Helm repo, users can reference a secret with the following keys:
-
-1. `username` and `password` for basic http auth if the Helm HTTP repo is behind basic auth.
-
-2. `cacerts` for custom CA bundle if the Helm repo is using a custom CA.
-
-3. `ssh-privatekey` for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently.
-
-For example, to add a secret in kubectl, run
-
-`kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem`
-
-After secret is created, specify the secret to `gitRepo.spec.helmSecretName`. Make sure secret is created under the same namespace with gitrepo.
-
-:::
+For a private Helm repo, users can reference a secret from the git repo resource.
+See [Using Private Helm Repositories](gitrepo-add#using-private-helm-repositories) for more information.

 ### Using ValuesFrom

--- a/docs/ref-fleet-yaml.md
+++ b/docs/ref-fleet-yaml.md
@ -4,4 +4,4 @@ The `fleet.yaml` file adds options to a bundle. Any directory with a `fleet.yaml

 A full reference with explanations can be found in [Expected Repo Structure](./gitrepo-structure.md#fleetyaml).

-The content of the fleet.yaml corresponds to the [BundleSpec](./ref-crds#bundlespec).
+The content of the fleet.yaml corresponds to https://github.com/rancher/fleet/blob/master/pkg/bundlereader/read.go#L129-L135, which contains the [BundleSpec](./ref-crds#bundlespec).
--- a/sidebars.js
+++ b/sidebars.js
@ -10,21 +10,15 @@ module.exports = {
      label: 'Operator Guide',
      items:[
        {
-          'Managing Clusters':
-          {
-            'Registering':
-            [
-              {type:'doc', id:'cluster-overview'},
-              {type:'doc', id:'cluster-tokens'},
-              {type:'doc', id:'agent-initiated'},
-              {type:'doc', id:'manager-initiated'},
-            ],
-          },
-          'Cluster Groups':
+          'Registering Clusters':
          [
-            {type:'doc', id:'cluster-group'},
+            {type: 'doc', id: 'cluster-overview'},
+            {type: 'doc', id: 'cluster-tokens'},
+            {type: 'doc', id: 'agent-initiated'},
+            {type: 'doc', id: 'manager-initiated'},
          ],
        },
+        {type:'doc', id:'cluster-group'},
        'namespaces',
        'multi-tenancy',
      ],
@ -33,19 +27,13 @@ module.exports = {
      type: 'category',
      label: 'User Guide',
      items:[
-        {
-          'Managing Git Repos':
-          [
            {type:'doc', id:'gitrepo-add'},
            {type:'doc', id:'gitrepo-structure'},
            {type:'doc', id:'gitrepo-targets'},
            {type:'doc', id:'bundle-diffs'},
            {type:'doc', id:'webhook'},
            {type:'doc', id:'imagescan'},
-            {type:'doc', id:'cluster-bundles-state'},
          ],
-        },
-      ],
    },
    'troubleshooting',
    {
@ -68,6 +56,7 @@ module.exports = {
      type: 'category',
      label: 'Reference',
      items:[
+        {type:'doc', id:'cluster-bundles-state'},
        'ref-crd-gitrepo',
        'ref-fleet-yaml',
        'ref-bundle-stages',