From 206b15ed4893b44e4326ba81ad68a8eb57a62bd0 Mon Sep 17 00:00:00 2001 From: manno Date: Thu, 23 Feb 2023 15:04:51 +0000 Subject: [PATCH] deploy: accc99e6963cc413e7005dd4931c330254d7c21e --- 0.4.html | 6 +++--- 0.4/advanced-users.html | 6 +++--- 0.4/agent-initiated.html | 10 +++++----- 0.4/architecture.html | 6 +++--- 0.4/bundle-diffs.html | 6 +++--- 0.4/cluster-bundles-state.html | 6 +++--- 0.4/cluster-group.html | 6 +++--- 0.4/cluster-overview.html | 6 +++--- 0.4/cluster-tokens.html | 6 +++--- 0.4/concepts.html | 6 +++--- 0.4/examples.html | 6 +++--- 0.4/gitrepo-add.html | 6 +++--- 0.4/gitrepo-structure.html | 6 +++--- 0.4/gitrepo-targets.html | 6 +++--- 0.4/imagescan.html | 6 +++--- 0.4/installation.html | 6 +++--- 0.4/manager-initiated.html | 6 +++--- 0.4/multi-cluster-install.html | 8 ++++---- 0.4/namespaces.html | 6 +++--- 0.4/quickstart.html | 8 ++++---- 0.4/single-cluster-install.html | 8 ++++---- 0.4/troubleshooting.html | 6 +++--- 0.4/uninstall.html | 6 +++--- 0.4/webhook.html | 6 +++--- 0.5.html | 6 +++--- 0.5/advanced-users.html | 6 +++--- 0.5/agent-initiated.html | 10 +++++----- 0.5/architecture.html | 6 +++--- 0.5/bundle-diffs.html | 6 +++--- 0.5/cluster-bundles-state.html | 6 +++--- 0.5/cluster-group.html | 6 +++--- 0.5/cluster-overview.html | 6 +++--- 0.5/cluster-tokens.html | 6 +++--- 0.5/concepts.html | 6 +++--- 0.5/examples.html | 6 +++--- 0.5/gitrepo-add.html | 6 +++--- 0.5/gitrepo-structure.html | 6 +++--- 0.5/gitrepo-targets.html | 6 +++--- 0.5/imagescan.html | 6 +++--- 0.5/installation.html | 6 +++--- 0.5/manager-initiated.html | 6 +++--- 0.5/multi-cluster-install.html | 8 ++++---- 0.5/namespaces.html | 6 +++--- 0.5/quickstart.html | 8 ++++---- 0.5/single-cluster-install.html | 8 ++++---- 0.5/troubleshooting.html | 6 +++--- 0.5/uninstall.html | 6 +++--- 0.5/webhook.html | 6 +++--- 404.html | 4 ++-- advanced-users.html | 6 +++--- agent-initiated.html | 10 +++++----- architecture.html | 6 +++--- .../js/{01b4035b.a901e160.js => 01b4035b.1d4437bb.js} | 2 +- .../js/{0252b8ff.8c70c19c.js => 0252b8ff.3418e11e.js} | 2 +- assets/js/07db75e5.a048c636.js | 1 + assets/js/07db75e5.d2ad1d18.js | 1 - .../js/{09d5ad39.10ff5ffa.js => 09d5ad39.c5694cdf.js} | 2 +- assets/js/0a06c365.30eeb095.js | 1 + assets/js/0a06c365.f127ac5e.js | 1 - .../js/{0e50cd4d.c57c2c98.js => 0e50cd4d.daf3545b.js} | 2 +- .../js/{10f03480.b741d736.js => 10f03480.7b061657.js} | 2 +- .../js/{11f54a6a.16a6b84e.js => 11f54a6a.58de1936.js} | 2 +- .../js/{12f4838b.971d5167.js => 12f4838b.6cef46d7.js} | 2 +- .../js/{14d8290d.17db2b17.js => 14d8290d.842dcd90.js} | 2 +- .../js/{1f14308a.570e88e1.js => 1f14308a.c9b36535.js} | 2 +- .../js/{1fec2b35.74752462.js => 1fec2b35.77a3fb5a.js} | 2 +- .../js/{22b369d5.549df8fe.js => 22b369d5.e8c002d5.js} | 2 +- .../js/{26326ef3.f5f24ec7.js => 26326ef3.e884bef2.js} | 2 +- .../js/{2d618eff.a4d1dce8.js => 2d618eff.f92010c4.js} | 2 +- .../js/{340d0560.d31de443.js => 340d0560.33e8b3c1.js} | 2 +- .../js/{34a3c1ae.b9ba6941.js => 34a3c1ae.399bcb19.js} | 2 +- .../js/{34eb4307.12c890b3.js => 34eb4307.cafd192f.js} | 2 +- .../js/{3718f698.9024fb21.js => 3718f698.077840a9.js} | 2 +- .../js/{39f5e362.ea57e4f2.js => 39f5e362.3479005a.js} | 2 +- .../js/{3b8c55ea.fd5799a5.js => 3b8c55ea.01eed4fa.js} | 2 +- .../js/{3c247a82.9262d5bf.js => 3c247a82.6805e2f6.js} | 2 +- .../js/{45a5cd1f.3036bc8c.js => 45a5cd1f.7d8f1f1c.js} | 2 +- .../js/{461a3020.951d1022.js => 461a3020.ca933b05.js} | 2 +- .../js/{49af6a86.289be922.js => 49af6a86.6909d500.js} | 2 +- .../js/{4ccb6852.5d3e33e1.js => 4ccb6852.19c42d0a.js} | 2 +- .../js/{4fac8f87.8632f7be.js => 4fac8f87.a67bd685.js} | 2 +- .../js/{522d95f1.7df4be61.js => 522d95f1.dfb57b7a.js} | 2 +- .../js/{5281b7a2.5019f693.js => 5281b7a2.4009f0ec.js} | 2 +- .../js/{5379b7b3.103ba006.js => 5379b7b3.c638c193.js} | 2 +- .../js/{57b32f77.1955520b.js => 57b32f77.e4ae788c.js} | 2 +- .../js/{5a165616.2b660d98.js => 5a165616.735e5d78.js} | 2 +- .../js/{63e62f73.e7e6729e.js => 63e62f73.a86528cb.js} | 2 +- .../js/{680ed9ed.1f3e806a.js => 680ed9ed.ee30c6a1.js} | 2 +- .../js/{6cf4c0df.ebe26525.js => 6cf4c0df.45a4ac69.js} | 2 +- .../js/{6f2a0b31.098cb515.js => 6f2a0b31.806737ac.js} | 2 +- .../js/{755aca7b.acdd19d2.js => 755aca7b.6251ef14.js} | 2 +- .../js/{762abe3e.25f5ed7b.js => 762abe3e.00af4f07.js} | 2 +- .../js/{7c5d32d8.16ee7418.js => 7c5d32d8.1d018540.js} | 2 +- .../js/{7f3d36ad.3c826396.js => 7f3d36ad.9c7882bd.js} | 2 +- assets/js/8070e160.1118f958.js | 1 + assets/js/8070e160.120f64b9.js | 1 - .../js/{834808ff.cf4b34de.js => 834808ff.d4f8f7fc.js} | 2 +- .../js/{839437d0.bc009d72.js => 839437d0.af445ebc.js} | 2 +- .../js/{847b3bc4.21481317.js => 847b3bc4.d6da70de.js} | 2 +- assets/js/84ab13f9.997e20d1.js | 1 + assets/js/84ab13f9.ce3daaaf.js | 1 - .../js/{9533a6b7.30bb08d8.js => 9533a6b7.24e6a7e5.js} | 2 +- .../js/{9d9f8394.0d61a075.js => 9d9f8394.a4c9e09e.js} | 2 +- .../js/{a2c468b1.5d788205.js => a2c468b1.3369f9a7.js} | 2 +- .../js/{a9e7f6cd.df5e4c7f.js => a9e7f6cd.69954bfe.js} | 2 +- .../js/{aba71817.e82bc030.js => aba71817.d30b293f.js} | 2 +- assets/js/abaf23c8.98b96c52.js | 1 + assets/js/abaf23c8.c08e0626.js | 1 - .../js/{af10d9fb.c6bbbb1a.js => af10d9fb.027616f3.js} | 2 +- .../js/{af48bdba.12613d81.js => af48bdba.1eb7f149.js} | 2 +- .../js/{b2456c44.e8666273.js => b2456c44.0f8fe90a.js} | 2 +- .../js/{b32c755c.3b6f001a.js => b32c755c.4e6d16b6.js} | 2 +- .../js/{b60b3bd8.83abcd31.js => b60b3bd8.c727d7a8.js} | 2 +- .../js/{b7ae13b2.135fc9a2.js => b7ae13b2.32826eb7.js} | 2 +- .../js/{b8f3160f.3fdb26d0.js => b8f3160f.37f64d95.js} | 2 +- .../js/{b9a03c38.eee9c13a.js => b9a03c38.4a3874b3.js} | 2 +- .../js/{bd465781.7f2353e5.js => bd465781.bb709602.js} | 2 +- .../js/{c211f800.43b0d0fc.js => c211f800.6ba0cf6c.js} | 2 +- .../js/{c377a04b.8edfea16.js => c377a04b.5bd1461a.js} | 2 +- .../js/{c7381d34.44ac32d3.js => c7381d34.b5bef923.js} | 2 +- .../js/{cd0bf424.bb601075.js => cd0bf424.dc4ca605.js} | 2 +- .../js/{cd323ffc.ae828115.js => cd323ffc.4c90cc15.js} | 2 +- .../js/{d162992c.b9d512be.js => d162992c.ebe773a2.js} | 2 +- .../js/{d3d9887a.2d5d96ae.js => d3d9887a.ea8deade.js} | 2 +- .../js/{d8f58335.ae268529.js => d8f58335.cce42ba6.js} | 2 +- .../js/{da21831e.6a9ee733.js => da21831e.59a7e060.js} | 2 +- .../js/{dd67116e.2d92b707.js => dd67116e.c47ac0f2.js} | 2 +- .../js/{dd81469d.8594a1aa.js => dd81469d.eac7dcff.js} | 2 +- .../js/{de08e76e.365b0eb3.js => de08e76e.b2616e03.js} | 2 +- .../js/{e0636556.cd2066ec.js => e0636556.382874e2.js} | 2 +- .../js/{e252aa27.fd8378ca.js => e252aa27.8a8451ed.js} | 2 +- .../js/{e3aa6547.70908871.js => e3aa6547.ee996040.js} | 2 +- assets/js/ebf52154.0ffaed92.js | 1 - assets/js/ebf52154.dc94694a.js | 1 + assets/js/ecc84eb4.203ba1eb.js | 1 + assets/js/ecc84eb4.ccbc51ec.js | 1 - .../js/{f63438e5.6ddf727a.js => f63438e5.2ef4d035.js} | 2 +- .../js/{f6748474.885a550c.js => f6748474.3f19249a.js} | 2 +- .../js/{f7cf1511.b2410d57.js => f7cf1511.bd9dfa13.js} | 2 +- assets/js/f8113afe.19783368.js | 1 + assets/js/f8113afe.7a35237f.js | 1 - .../js/{f8909550.6787dd78.js => f8909550.a8df6b80.js} | 2 +- .../js/{fb76c575.1ec14aa0.js => fb76c575.649838ed.js} | 2 +- .../js/{fbaf079d.a570259b.js => fbaf079d.8ec9c5bc.js} | 2 +- .../js/{fd06576e.12f065b2.js => fd06576e.bdf1f0c4.js} | 2 +- .../js/{fd26103c.516b484b.js => fd26103c.8c9fe6a4.js} | 2 +- .../js/{ffe5129d.c282d9c0.js => ffe5129d.00022c28.js} | 2 +- ...ntime~main.54b39d51.js => runtime~main.7794a84c.js} | 2 +- bundle-diffs.html | 6 +++--- cli/fleet-agent.html | 6 +++--- cli/fleet-cli/fleet.html | 6 +++--- cli/fleet-cli/fleet_apply.html | 6 +++--- cli/fleet-cli/fleet_test.html | 6 +++--- cli/fleet-controller/fleet-manager.html | 6 +++--- cluster-bundles-state.html | 6 +++--- cluster-group.html | 6 +++--- cluster-overview.html | 6 +++--- cluster-tokens.html | 6 +++--- concepts.html | 6 +++--- examples.html | 6 +++--- gitrepo-add.html | 6 +++--- gitrepo-structure.html | 6 +++--- gitrepo-targets.html | 6 +++--- imagescan.html | 6 +++--- index.html | 6 +++--- installation.html | 6 +++--- manager-initiated.html | 6 +++--- multi-cluster-install.html | 8 ++++---- multi-tenancy.html | 6 +++--- namespaces.html | 6 +++--- quickstart.html | 8 ++++---- ref-bundle-stages.html | 6 +++--- ref-components.html | 6 +++--- ref-configuration.html | 6 +++--- ref-crd-gitrepo.html | 6 +++--- ref-crds.html | 6 +++--- ref-fleet-yaml.html | 6 +++--- ref-namespaces.html | 6 +++--- ref-registration.html | 6 +++--- ref-resources.html | 6 +++--- search.html | 4 ++-- single-cluster-install.html | 8 ++++---- troubleshooting.html | 6 +++--- uninstall.html | 6 +++--- webhook.html | 6 +++--- 185 files changed, 368 insertions(+), 368 deletions(-) rename assets/js/{01b4035b.a901e160.js => 01b4035b.1d4437bb.js} (99%) rename assets/js/{0252b8ff.8c70c19c.js => 0252b8ff.3418e11e.js} (99%) create mode 100644 assets/js/07db75e5.a048c636.js delete mode 100644 assets/js/07db75e5.d2ad1d18.js rename assets/js/{09d5ad39.10ff5ffa.js => 09d5ad39.c5694cdf.js} (98%) create mode 100644 assets/js/0a06c365.30eeb095.js delete mode 100644 assets/js/0a06c365.f127ac5e.js rename assets/js/{0e50cd4d.c57c2c98.js => 0e50cd4d.daf3545b.js} (97%) rename assets/js/{10f03480.b741d736.js => 10f03480.7b061657.js} (98%) rename assets/js/{11f54a6a.16a6b84e.js => 11f54a6a.58de1936.js} (99%) rename assets/js/{12f4838b.971d5167.js => 12f4838b.6cef46d7.js} (98%) rename assets/js/{14d8290d.17db2b17.js => 14d8290d.842dcd90.js} (97%) rename assets/js/{1f14308a.570e88e1.js => 1f14308a.c9b36535.js} (98%) rename assets/js/{1fec2b35.74752462.js => 1fec2b35.77a3fb5a.js} (97%) rename assets/js/{22b369d5.549df8fe.js => 22b369d5.e8c002d5.js} (97%) rename assets/js/{26326ef3.f5f24ec7.js => 26326ef3.e884bef2.js} (97%) rename assets/js/{2d618eff.a4d1dce8.js => 2d618eff.f92010c4.js} (99%) rename assets/js/{340d0560.d31de443.js => 340d0560.33e8b3c1.js} (96%) rename assets/js/{34a3c1ae.b9ba6941.js => 34a3c1ae.399bcb19.js} (99%) rename assets/js/{34eb4307.12c890b3.js => 34eb4307.cafd192f.js} (98%) rename assets/js/{3718f698.9024fb21.js => 3718f698.077840a9.js} (97%) rename assets/js/{39f5e362.ea57e4f2.js => 39f5e362.3479005a.js} (99%) rename assets/js/{3b8c55ea.fd5799a5.js => 3b8c55ea.01eed4fa.js} (98%) rename assets/js/{3c247a82.9262d5bf.js => 3c247a82.6805e2f6.js} (99%) rename assets/js/{45a5cd1f.3036bc8c.js => 45a5cd1f.7d8f1f1c.js} (98%) rename assets/js/{461a3020.951d1022.js => 461a3020.ca933b05.js} (97%) rename assets/js/{49af6a86.289be922.js => 49af6a86.6909d500.js} (98%) rename assets/js/{4ccb6852.5d3e33e1.js => 4ccb6852.19c42d0a.js} (97%) rename assets/js/{4fac8f87.8632f7be.js => 4fac8f87.a67bd685.js} (94%) rename assets/js/{522d95f1.7df4be61.js => 522d95f1.dfb57b7a.js} (98%) rename assets/js/{5281b7a2.5019f693.js => 5281b7a2.4009f0ec.js} (98%) rename assets/js/{5379b7b3.103ba006.js => 5379b7b3.c638c193.js} (97%) rename assets/js/{57b32f77.1955520b.js => 57b32f77.e4ae788c.js} (97%) rename assets/js/{5a165616.2b660d98.js => 5a165616.735e5d78.js} (99%) rename assets/js/{63e62f73.e7e6729e.js => 63e62f73.a86528cb.js} (96%) rename assets/js/{680ed9ed.1f3e806a.js => 680ed9ed.ee30c6a1.js} (98%) rename assets/js/{6cf4c0df.ebe26525.js => 6cf4c0df.45a4ac69.js} (98%) rename assets/js/{6f2a0b31.098cb515.js => 6f2a0b31.806737ac.js} (98%) rename assets/js/{755aca7b.acdd19d2.js => 755aca7b.6251ef14.js} (98%) rename assets/js/{762abe3e.25f5ed7b.js => 762abe3e.00af4f07.js} (97%) rename assets/js/{7c5d32d8.16ee7418.js => 7c5d32d8.1d018540.js} (99%) rename assets/js/{7f3d36ad.3c826396.js => 7f3d36ad.9c7882bd.js} (98%) create mode 100644 assets/js/8070e160.1118f958.js delete mode 100644 assets/js/8070e160.120f64b9.js rename assets/js/{834808ff.cf4b34de.js => 834808ff.d4f8f7fc.js} (98%) rename assets/js/{839437d0.bc009d72.js => 839437d0.af445ebc.js} (96%) rename assets/js/{847b3bc4.21481317.js => 847b3bc4.d6da70de.js} (97%) create mode 100644 assets/js/84ab13f9.997e20d1.js delete mode 100644 assets/js/84ab13f9.ce3daaaf.js rename assets/js/{9533a6b7.30bb08d8.js => 9533a6b7.24e6a7e5.js} (98%) rename assets/js/{9d9f8394.0d61a075.js => 9d9f8394.a4c9e09e.js} (99%) rename assets/js/{a2c468b1.5d788205.js => a2c468b1.3369f9a7.js} (99%) rename assets/js/{a9e7f6cd.df5e4c7f.js => a9e7f6cd.69954bfe.js} (98%) rename assets/js/{aba71817.e82bc030.js => aba71817.d30b293f.js} (96%) create mode 100644 assets/js/abaf23c8.98b96c52.js delete mode 100644 assets/js/abaf23c8.c08e0626.js rename assets/js/{af10d9fb.c6bbbb1a.js => af10d9fb.027616f3.js} (98%) rename assets/js/{af48bdba.12613d81.js => af48bdba.1eb7f149.js} (97%) rename assets/js/{b2456c44.e8666273.js => b2456c44.0f8fe90a.js} (97%) rename assets/js/{b32c755c.3b6f001a.js => b32c755c.4e6d16b6.js} (99%) rename assets/js/{b60b3bd8.83abcd31.js => b60b3bd8.c727d7a8.js} (97%) rename assets/js/{b7ae13b2.135fc9a2.js => b7ae13b2.32826eb7.js} (95%) rename assets/js/{b8f3160f.3fdb26d0.js => b8f3160f.37f64d95.js} (98%) rename assets/js/{b9a03c38.eee9c13a.js => b9a03c38.4a3874b3.js} (98%) rename assets/js/{bd465781.7f2353e5.js => bd465781.bb709602.js} (97%) rename assets/js/{c211f800.43b0d0fc.js => c211f800.6ba0cf6c.js} (98%) rename assets/js/{c377a04b.8edfea16.js => c377a04b.5bd1461a.js} (98%) rename assets/js/{c7381d34.44ac32d3.js => c7381d34.b5bef923.js} (98%) rename assets/js/{cd0bf424.bb601075.js => cd0bf424.dc4ca605.js} (96%) rename assets/js/{cd323ffc.ae828115.js => cd323ffc.4c90cc15.js} (98%) rename assets/js/{d162992c.b9d512be.js => d162992c.ebe773a2.js} (98%) rename assets/js/{d3d9887a.2d5d96ae.js => d3d9887a.ea8deade.js} (99%) rename assets/js/{d8f58335.ae268529.js => d8f58335.cce42ba6.js} (98%) rename assets/js/{da21831e.6a9ee733.js => da21831e.59a7e060.js} (98%) rename assets/js/{dd67116e.2d92b707.js => dd67116e.c47ac0f2.js} (98%) rename assets/js/{dd81469d.8594a1aa.js => dd81469d.eac7dcff.js} (97%) rename assets/js/{de08e76e.365b0eb3.js => de08e76e.b2616e03.js} (99%) rename assets/js/{e0636556.cd2066ec.js => e0636556.382874e2.js} (98%) rename assets/js/{e252aa27.fd8378ca.js => e252aa27.8a8451ed.js} (98%) rename assets/js/{e3aa6547.70908871.js => e3aa6547.ee996040.js} (98%) delete mode 100644 assets/js/ebf52154.0ffaed92.js create mode 100644 assets/js/ebf52154.dc94694a.js create mode 100644 assets/js/ecc84eb4.203ba1eb.js delete mode 100644 assets/js/ecc84eb4.ccbc51ec.js rename assets/js/{f63438e5.6ddf727a.js => f63438e5.2ef4d035.js} (98%) rename assets/js/{f6748474.885a550c.js => f6748474.3f19249a.js} (97%) rename assets/js/{f7cf1511.b2410d57.js => f7cf1511.bd9dfa13.js} (99%) create mode 100644 assets/js/f8113afe.19783368.js delete mode 100644 assets/js/f8113afe.7a35237f.js rename assets/js/{f8909550.6787dd78.js => f8909550.a8df6b80.js} (99%) rename assets/js/{fb76c575.1ec14aa0.js => fb76c575.649838ed.js} (97%) rename assets/js/{fbaf079d.a570259b.js => fbaf079d.8ec9c5bc.js} (99%) rename assets/js/{fd06576e.12f065b2.js => fd06576e.bdf1f0c4.js} (99%) rename assets/js/{fd26103c.516b484b.js => fd26103c.8c9fe6a4.js} (98%) rename assets/js/{ffe5129d.c282d9c0.js => ffe5129d.00022c28.js} (98%) rename assets/js/{runtime~main.54b39d51.js => runtime~main.7794a84c.js} (59%) diff --git a/0.4.html b/0.4.html index 716d94e37..867d3e450 100644 --- a/0.4.html +++ b/0.4.html @@ -4,13 +4,13 @@ Overview | Fleet - +
-
Skip to main content
Version: 0.4

Overview

What is Fleet?​

  • Cluster engine: Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through GitOps. Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.

  • Deployment management: Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users have a high degree of control, consistency, and auditability.

Configuration Management​

Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point.

Copyright © 2023 SUSE Rancher. All Rights Reserved.
- +
Skip to main content
Version: 0.4

Overview

What is Fleet?​

  • Cluster engine: Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through GitOps. Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.

  • Deployment management: Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users have a high degree of control, consistency, and auditability.

Configuration Management​

Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point.

+ \ No newline at end of file diff --git a/0.4/advanced-users.html b/0.4/advanced-users.html index e8f4a1c9d..14236d9e0 100644 --- a/0.4/advanced-users.html +++ b/0.4/advanced-users.html @@ -4,13 +4,13 @@ Advanced Users | Fleet - +
-
Skip to main content
Version: 0.4

Advanced Users

Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases.

The following are examples of advanced use cases:

Please refer to the installation and the uninstall documentation for additional information.

Copyright © 2023 SUSE Rancher. All Rights Reserved.
- +
Skip to main content
Version: 0.4

Advanced Users

Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases.

The following are examples of advanced use cases:

Please refer to the installation and the uninstall documentation for additional information.

+ \ No newline at end of file diff --git a/0.4/agent-initiated.html b/0.4/agent-initiated.html index 1a9e93fc5..f868c9805 100644 --- a/0.4/agent-initiated.html +++ b/0.4/agent-initiated.html @@ -4,7 +4,7 @@ Agent Initiated | Fleet - + @@ -24,7 +24,7 @@ by looking up the default ServiceAccount secret name (typically prefixed with ca.crt key.

caution

Use proper namespace and release name: For the agent chart the namespace must be cattle-fleet-system and the release name fleet-agent

danger

Ensure you are installing to the right cluster: Helm will use the default context in ${HOME}/.kube/config to deploy the agent. Use --kubeconfig and --kube-context -to change which cluster Helm is installing to.

Finally, install the agent using Helm.

helm -n cattle-fleet-system install --create-namespace --wait \
    $CLUSTER_LABELS \
    --values values.yaml \
    --set apiServerCA="$API_SERVER_CA_DATA" \
    --set apiServerURL="$API_SERVER_URL" \
    fleet-agent https://github.com/rancher/fleet/releases/download/v0.4.0/fleet-agent-0.4.0.tgz

The agent should now be deployed. You can check that status of the fleet pods by running the below commands.

# Ensure kubectl is pointing to the right cluster
kubectl -n cattle-fleet-system logs -l app=fleet-agent
kubectl -n cattle-fleet-system get pods -l app=fleet-agent

Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster +to change which cluster Helm is installing to.

Finally, install the agent using Helm.

helm -n cattle-fleet-system install --create-namespace --wait \
    $CLUSTER_LABELS \
    --values values.yaml \
    --set apiServerCA="$API_SERVER_CA_DATA" \
    --set apiServerURL="$API_SERVER_URL" \
    fleet-agent https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-agent-0.4.1.tgz

The agent should now be deployed. You can check that status of the fleet pods by running the below commands.

# Ensure kubectl is pointing to the right cluster
kubectl -n cattle-fleet-system logs -l app=fleet-agent
kubectl -n cattle-fleet-system get pods -l app=fleet-agent

Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster was registered in the clusters namespace. Please ensure your ${HOME}/.kube/config is pointed to the Fleet manager to run this command.

kubectl -n clusters get clusters.fleet.cattle.io
NAME                   BUNDLES-READY   NODES-READY   SAMPLE-NODE             LAST-SEEN              STATUS
cluster-ab13e54400f1   1/1             1/1           k3d-cluster2-server-0   2020-08-31T19:23:10Z

Install agent for a predefined Cluster​

Client IDs are for the purpose of predefining clusters in the Fleet manager with existing labels and repos targeted to them. A client ID is not required and is just one approach to managing clusters. @@ -37,10 +37,10 @@ client ID.

The Fleet agent is installed as a Helm chart. The only paramete is represented by the values.yaml file and the client ID. The client ID is optional.

First, create a Cluster in the Fleet Manager with the random client ID you have chosen.

kind: Cluster
apiVersion: fleet.cattle.io/v1alpha1
metadata:
  name: my-cluster
  namespace: clusters
spec:
  clientID: "really-random"

Second, follow the cluster registration token page to obtain the values.yaml file to be used.

Third, setup your environment to use the client ID.

CLUSTER_CLIENT_ID="really-random"
note

Use proper namespace and release name: For the agent chart the namespace must be cattle-fleet-system and the release name fleet-agent

note

Ensure you are installing to the right cluster: Helm will use the default context in ${HOME}/.kube/config to deploy the agent. Use --kubeconfig and --kube-context -to change which cluster Helm is installing to.

Finally, install the agent using Helm.

helm -n cattle-fleet-system install --create-namespace --wait \
    --set clientID="$CLUSTER_CLIENT_ID" \
    --values values.yaml \
    fleet-agent https://github.com/rancher/fleet/releases/download/v0.4.0/fleet-agent-v0.4.0.tgz

The agent should now be deployed. You can check that status of the fleet pods by running the below commands.

# Ensure kubectl is pointing to the right cluster
kubectl -n cattle-fleet-system logs -l app=fleet-agent
kubectl -n cattle-fleet-system get pods -l app=fleet-agent

Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster +to change which cluster Helm is installing to.

Finally, install the agent using Helm.

helm -n cattle-fleet-system install --create-namespace --wait \
    --set clientID="$CLUSTER_CLIENT_ID" \
    --values values.yaml \
    fleet-agent https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-agent-v0.4.1.tgz

The agent should now be deployed. You can check that status of the fleet pods by running the below commands.

# Ensure kubectl is pointing to the right cluster
kubectl -n cattle-fleet-system logs -l app=fleet-agent
kubectl -n cattle-fleet-system get pods -l app=fleet-agent

Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster was registered in the clusters namespace. Please ensure your ${HOME}/.kube/config is pointed to the Fleet -manager to run this command.

kubectl -n clusters get clusters.fleet.cattle.io
NAME                   BUNDLES-READY   NODES-READY   SAMPLE-NODE             LAST-SEEN              STATUS
my-cluster             1/1             1/1           k3d-cluster2-server-0   2020-08-31T19:23:10Z
Copyright © 2023 SUSE Rancher. All Rights Reserved.
- +manager to run this command.

kubectl -n clusters get clusters.fleet.cattle.io
NAME                   BUNDLES-READY   NODES-READY   SAMPLE-NODE             LAST-SEEN              STATUS
my-cluster             1/1             1/1           k3d-cluster2-server-0   2020-08-31T19:23:10Z
Copyright © 2023 SUSE Rancher. All Rights Reserved.
+ \ No newline at end of file diff --git a/0.4/architecture.html b/0.4/architecture.html index 38811db1e..e187efd59 100644 --- a/0.4/architecture.html +++ b/0.4/architecture.html @@ -4,7 +4,7 @@ Architecture | Fleet - + @@ -28,8 +28,8 @@ The cluster registration token is used only during the registration process to g to that cluster. After the cluster credential is established the cluster "forgets" the cluster registration token.

The service accounts given to the clusters only have privileges to list BundleDeployment in the namespace created specifically for that cluster. It can also update the status subresource of BundleDeployment and the status -subresource of it's Cluster resource.

Copyright © 2023 SUSE Rancher. All Rights Reserved.
- +subresource of it's Cluster resource.

Copyright © 2023 SUSE Rancher. All Rights Reserved.
+ \ No newline at end of file diff --git a/0.4/bundle-diffs.html b/0.4/bundle-diffs.html index be38c6681..35dde6165 100644 --- a/0.4/bundle-diffs.html +++ b/0.4/bundle-diffs.html @@ -4,14 +4,14 @@ Generating Diffs for Modified GitRepos | Fleet - +
Skip to main content
Version: 0.4

Generating Diffs for Modified GitRepos

Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.

You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the Bundles section.

The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the caBundle is empty and the CA cert is injected by the cluster.

This leads the status of the bundle and associated GitRepo to be reported as "Modified"

Associated Bundle -

Fleet bundles support the ability to specify a custom jsonPointer patch.

With the patch, users can instruct fleet to ignore object modifications.

In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters.

The opa-gatekeeper bundle associated with the opa GitRepo is in modified state.

Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status.

In our case the differences detected are as follows:

  summary:
    desiredReady: 1
    modified: 1
    nonReadyResources:
    - bundleState: Modified
      modifiedStatus:
      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        patch: '{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}'
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'

Based on this summary, there are three objects which need to be patched.

We will look at these one at a time.

1. ValidatingWebhookConfiguration:​

The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec.

In cases where more than one element in the field requires a patch, that patch will refer these to as $setElementOrder/ELEMENTNAME

From this information, we can see the two ValidatingWebhooks in question are:

  "$setElementOrder/webhooks": [
    {
      "name": "validation.gatekeeper.sh"
    },
    {
      "name": "check-ignore-label.gatekeeper.sh"
    }
  ],

Within each ValidatingWebhook, the fields that need to be ignore are as follows:

    {
      "clientConfig": {
        "caBundle": "Cg=="
      },
      "name": "validation.gatekeeper.sh",
      "rules": [
        {
          "apiGroups": [
            "*"
          ],
          "apiVersions": [
            "*"
          ],
          "operations": [
            "CREATE",
            "UPDATE"
          ],
          "resources": [
            "*"
          ]
        }
      ]
    },

and 

    {
     "clientConfig": {
       "caBundle": "Cg=="
     },
     "name": "check-ignore-label.gatekeeper.sh",
     "rules": [
       {
         "apiGroups": [
           ""
         ],
         "apiVersions": [
           "*"
         ],
         "operations": [
           "CREATE",
           "UPDATE"
         ],
         "resources": [
           "namespaces"
         ]
       }
     ]
   }

In summary, we need to ignore the fields rules and clientConfig.caBundle in our patch specification.

The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values.

Based on this information, our diff patch would look as follows:

  - apiVersion: admissionregistration.k8s.io/v1
    kind: ValidatingWebhookConfiguration
    name: gatekeeper-validating-webhook-configuration
    operations:
    - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
    - {"op": "remove", "path":"/webhooks/0/rules"}
    - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
    - {"op": "remove", "path":"/webhooks/1/rules"}

2. Deployment gatekeeper-controller-manager:​

The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle).

{
  "spec": {
    "template": {
      "spec": {
        "$setElementOrder/containers": [
          {
            "name": "manager"
          }
        ],
        "containers": [
          {
            "name": "manager",
            "resources": {
              "limits": {
                "cpu": "1000m"
              }
            }
          }
        ],
        "tolerations": []
      }
    }
  }
}

In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added.

Based on this information, our diff patch would look as follows:

  - apiVersion: apps/v1
    kind: Deployment
    name: gatekeeper-controller-manager
    namespace: cattle-gatekeeper-system
    operations:
    - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
    - {"op": "remove", "path": "/spec/template/spec/tolerations"}

3. Deployment gatekeeper-audit:​

The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied.

{
  "spec": {
    "template": {
      "spec": {
        "$setElementOrder/containers": [
          {
            "name": "manager"
          }
        ],
        "containers": [
          {
            "name": "manager",
            "resources": {
              "limits": {
                "cpu": "1000m"
              }
            }
          }
        ],
        "tolerations": []
      }
    }
  }
}

Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added.

Based on this information, our diff patch would look as follows:

  - apiVersion: apps/v1
    kind: Deployment
    name: gatekeeper-audit
    namespace: cattle-gatekeeper-system
    operations:
    - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
    - {"op": "remove", "path": "/spec/template/spec/tolerations"}

Combining It All Together​

We can now combine all these patches as follows:

diff:
  comparePatches:
  - apiVersion: apps/v1
    kind: Deployment
    name: gatekeeper-audit
    namespace: cattle-gatekeeper-system
    operations:
    - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
    - {"op": "remove", "path": "/spec/template/spec/tolerations"}
  - apiVersion: apps/v1
    kind: Deployment
    name: gatekeeper-controller-manager
    namespace: cattle-gatekeeper-system
    operations:
    - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
    - {"op": "remove", "path": "/spec/template/spec/tolerations"}
  - apiVersion: admissionregistration.k8s.io/v1
    kind: ValidatingWebhookConfiguration
    name: gatekeeper-validating-webhook-configuration
    operations:
    - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
    - {"op": "remove", "path":"/webhooks/0/rules"}
    - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
    - {"op": "remove", "path":"/webhooks/1/rules"}

We can add these now to the bundle directly to test and also commit the same to the fleet.yaml in your GitRepo.

Once these are added, the GitRepo should deploy and be in "Active" status.

Copyright © 2023 SUSE Rancher. All Rights Reserved.
- +

Fleet bundles support the ability to specify a custom jsonPointer patch.

With the patch, users can instruct fleet to ignore object modifications.

In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters.

The opa-gatekeeper bundle associated with the opa GitRepo is in modified state.

Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status.

In our case the differences detected are as follows:

  summary:
    desiredReady: 1
    modified: 1
    nonReadyResources:
    - bundleState: Modified
      modifiedStatus:
      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        patch: '{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}'
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'

Based on this summary, there are three objects which need to be patched.

We will look at these one at a time.

1. ValidatingWebhookConfiguration:​

The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec.

In cases where more than one element in the field requires a patch, that patch will refer these to as $setElementOrder/ELEMENTNAME

From this information, we can see the two ValidatingWebhooks in question are:

  "$setElementOrder/webhooks": [
    {
      "name": "validation.gatekeeper.sh"
    },
    {
      "name": "check-ignore-label.gatekeeper.sh"
    }
  ],

Within each ValidatingWebhook, the fields that need to be ignore are as follows:

    {
      "clientConfig": {
        "caBundle": "Cg=="
      },
      "name": "validation.gatekeeper.sh",
      "rules": [
        {
          "apiGroups": [
            "*"
          ],
          "apiVersions": [
            "*"
          ],
          "operations": [
            "CREATE",
            "UPDATE"
          ],
          "resources": [
            "*"
          ]
        }
      ]
    },

and 

    {
     "clientConfig": {
       "caBundle": "Cg=="
     },
     "name": "check-ignore-label.gatekeeper.sh",
     "rules": [
       {
         "apiGroups": [
           ""
         ],
         "apiVersions": [
           "*"
         ],
         "operations": [
           "CREATE",
           "UPDATE"
         ],
         "resources": [
           "namespaces"
         ]
       }
     ]
   }

In summary, we need to ignore the fields rules and clientConfig.caBundle in our patch specification.

The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values.

Based on this information, our diff patch would look as follows:

  - apiVersion: admissionregistration.k8s.io/v1
    kind: ValidatingWebhookConfiguration
    name: gatekeeper-validating-webhook-configuration
    operations:
    - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
    - {"op": "remove", "path":"/webhooks/0/rules"}
    - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
    - {"op": "remove", "path":"/webhooks/1/rules"}

2. Deployment gatekeeper-controller-manager:​

The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle).

{
  "spec": {
    "template": {
      "spec": {
        "$setElementOrder/containers": [
          {
            "name": "manager"
          }
        ],
        "containers": [
          {
            "name": "manager",
            "resources": {
              "limits": {
                "cpu": "1000m"
              }
            }
          }
        ],
        "tolerations": []
      }
    }
  }
}

In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added.

Based on this information, our diff patch would look as follows:

  - apiVersion: apps/v1
    kind: Deployment
    name: gatekeeper-controller-manager
    namespace: cattle-gatekeeper-system
    operations:
    - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
    - {"op": "remove", "path": "/spec/template/spec/tolerations"}

3. Deployment gatekeeper-audit:​

The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied.

{
  "spec": {
    "template": {
      "spec": {
        "$setElementOrder/containers": [
          {
            "name": "manager"
          }
        ],
        "containers": [
          {
            "name": "manager",
            "resources": {
              "limits": {
                "cpu": "1000m"
              }
            }
          }
        ],
        "tolerations": []
      }
    }
  }
}

Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added.

Based on this information, our diff patch would look as follows:

  - apiVersion: apps/v1
    kind: Deployment
    name: gatekeeper-audit
    namespace: cattle-gatekeeper-system
    operations:
    - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
    - {"op": "remove", "path": "/spec/template/spec/tolerations"}

Combining It All Together​

We can now combine all these patches as follows:

diff:
  comparePatches:
  - apiVersion: apps/v1
    kind: Deployment
    name: gatekeeper-audit
    namespace: cattle-gatekeeper-system
    operations:
    - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
    - {"op": "remove", "path": "/spec/template/spec/tolerations"}
  - apiVersion: apps/v1
    kind: Deployment
    name: gatekeeper-controller-manager
    namespace: cattle-gatekeeper-system
    operations:
    - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
    - {"op": "remove", "path": "/spec/template/spec/tolerations"}
  - apiVersion: admissionregistration.k8s.io/v1
    kind: ValidatingWebhookConfiguration
    name: gatekeeper-validating-webhook-configuration
    operations:
    - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
    - {"op": "remove", "path":"/webhooks/0/rules"}
    - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
    - {"op": "remove", "path":"/webhooks/1/rules"}

We can add these now to the bundle directly to test and also commit the same to the fleet.yaml in your GitRepo.

Once these are added, the GitRepo should deploy and be in "Active" status.

Copyright © 2023 SUSE Rancher. All Rights Reserved.
+ \ No newline at end of file diff --git a/0.4/cluster-bundles-state.html b/0.4/cluster-bundles-state.html index a9227e56b..00b9d9028 100644 --- a/0.4/cluster-bundles-state.html +++ b/0.4/cluster-bundles-state.html @@ -4,13 +4,13 @@ Cluster and Bundle state | Fleet - +
-
Skip to main content
Version: 0.4

Cluster and Bundle state

Clusters and Bundles have different states in each phase of applying Bundles.

Bundles​

Ready: Bundles have been deployed and all resources are ready.

NotReady: Bundles have been deployed and some resources are not ready.

WaitApplied: Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed.

ErrApplied: Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle.

OutOfSync: Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet.

Pending: Bundles are being processed by Fleet controller.

Modified: Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository.

Clusters​

WaitCheckIn: Waiting for agent to report registration information and cluster status back.

NotReady: There are bundles in this cluster that are in NotReady state.

WaitApplied: There are bundles in this cluster that are in WaitApplied state.

ErrApplied: There are bundles in this cluster that are in ErrApplied state.

OutOfSync: There are bundles in this cluster that are in OutOfSync state.

Pending: There are bundles in this cluster that are in Pending state.

Modified: There are bundles in this cluster that are in Modified state.

Ready: Bundles in this cluster have been deployed and all resources are ready.

Copyright © 2023 SUSE Rancher. All Rights Reserved.
- +
Skip to main content
Version: 0.4

Cluster and Bundle state

Clusters and Bundles have different states in each phase of applying Bundles.

Bundles​

Ready: Bundles have been deployed and all resources are ready.

NotReady: Bundles have been deployed and some resources are not ready.

WaitApplied: Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed.

ErrApplied: Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle.

OutOfSync: Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet.

Pending: Bundles are being processed by Fleet controller.

Modified: Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository.

Clusters​

WaitCheckIn: Waiting for agent to report registration information and cluster status back.

NotReady: There are bundles in this cluster that are in NotReady state.

WaitApplied: There are bundles in this cluster that are in WaitApplied state.

ErrApplied: There are bundles in this cluster that are in ErrApplied state.

OutOfSync: There are bundles in this cluster that are in OutOfSync state.

Pending: There are bundles in this cluster that are in Pending state.

Modified: There are bundles in this cluster that are in Modified state.

Ready: Bundles in this cluster have been deployed and all resources are ready.

Copyright © 2023 SUSE Rancher. All Rights Reserved.
+ \ No newline at end of file diff --git a/0.4/cluster-group.html b/0.4/cluster-group.html index acb2dcc1f..3e82c7f42 100644 --- a/0.4/cluster-group.html +++ b/0.4/cluster-group.html @@ -4,7 +4,7 @@ Cluster Groups | Fleet - + @@ -13,8 +13,8 @@ The only parameter for a cluster group is essentially the selector. When you get to a certain scale cluster groups become a more reasonable way to manage your clusters. Cluster groups serve the purpose of giving aggregated -status of the deployments and then also a simpler way to manage targets.

A cluster group is created by creating a ClusterGroup resource like below

kind: ClusterGroup
apiVersion: fleet.cattle.io/v1alpha1
metadata:
  name: production-group
  namespace: clusters
spec:
  # This is the standard metav1.LabelSelector format to match clusters by labels
  selector:
    matchLabels:
      env: prod
Copyright © 2023 SUSE Rancher. All Rights Reserved.
- +status of the deployments and then also a simpler way to manage targets.

A cluster group is created by creating a ClusterGroup resource like below

kind: ClusterGroup
apiVersion: fleet.cattle.io/v1alpha1
metadata:
  name: production-group
  namespace: clusters
spec:
  # This is the standard metav1.LabelSelector format to match clusters by labels
  selector:
    matchLabels:
      env: prod
Copyright © 2023 SUSE Rancher. All Rights Reserved.
+ \ No newline at end of file diff --git a/0.4/cluster-overview.html b/0.4/cluster-overview.html index a4f92d4e7..d3dac807f 100644 --- a/0.4/cluster-overview.html +++ b/0.4/cluster-overview.html @@ -4,7 +4,7 @@ Overview | Fleet - + @@ -24,8 +24,8 @@ manager must be able to communicate with the downstream cluster API server for t After the cluster is registered there is no further need for the manager to contact the downstream cluster API. This style is more compatible if you wish to manage the creation of all your Kubernetes clusters through GitOps using something like cluster-api -or Rancher.

Copyright © 2023 SUSE Rancher. All Rights Reserved.
- +or Rancher.

Copyright © 2023 SUSE Rancher. All Rights Reserved.
+ \ No newline at end of file diff --git a/0.4/cluster-tokens.html b/0.4/cluster-tokens.html index eec644e81..d8d78e46c 100644 --- a/0.4/cluster-tokens.html +++ b/0.4/cluster-tokens.html @@ -4,7 +4,7 @@ Cluster Registration Tokens | Fleet - + @@ -26,8 +26,8 @@ are used in Fleet refer to the documentation on namesp token with the below YAML.

kind: ClusterRegistrationToken
apiVersion: "fleet.cattle.io/v1alpha1"
metadata:
    name: new-token
    namespace: clusters
spec:
    # A duration string for how long this token is valid for. A value <= 0 or null means infinite time.
    ttl: 240h

After the ClusterRegistrationToken is created, Fleet will create a corresponding Secret with the same name. As the Secret creation is performed asynchronously, you will need to wait until it's available before using it.

One way to do so is via the following one-liner:

while ! kubectl --namespace=clusters  get secret new-token; do sleep 5; done

Obtaining Token Value (Agent values.yaml)​

The token value contains YAML content for a values.yaml file that is expected to be passed to helm install to install the Fleet agent on a downstream cluster.

Such value is contained in the values field of the Secret mentioned above. To obtain the YAML content for the -above example one can run the following one-liner:

kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml

Once the values.yaml is ready it can be used repeatedly by clusters to register until the TTL expires.

Copyright © 2023 SUSE Rancher. All Rights Reserved.
- +above example one can run the following one-liner:

kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml

Once the values.yaml is ready it can be used repeatedly by clusters to register until the TTL expires.

Copyright © 2023 SUSE Rancher. All Rights Reserved.
+ \ No newline at end of file diff --git a/0.4/concepts.html b/0.4/concepts.html index f13b8a750..70872980e 100644 --- a/0.4/concepts.html +++ b/0.4/concepts.html @@ -4,7 +4,7 @@ Core Concepts | Fleet - + @@ -24,8 +24,8 @@ Regardless of the source the contents are dynamically rendered into a Helm chart and installed into the downstream cluster as a helm release.

  • BundleDeployment: When a Bundle is deployed to a cluster an instance of a Bundle is called a BundleDeployment. A BundleDeployment represents the state of that Bundle on a specific cluster with its cluster specific customizations. The Fleet agent is only aware of BundleDeployment resources that are created for -the cluster the agent is managing.

    • For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click here.

  • Downstream Cluster: Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.

  • Cluster Registration Token: Tokens used by agents to register a new cluster.

    • Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +the cluster the agent is managing.

  • Downstream Cluster: Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.

  • Cluster Registration Token: Tokens used by agents to register a new cluster.

    • Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.4/examples.html b/0.4/examples.html index 64d636519..33d1922e6 100644 --- a/0.4/examples.html +++ b/0.4/examples.html @@ -4,14 +4,14 @@ Examples | Fleet - +
    Skip to main content
    Version: 0.4

    Examples

    Lifecycle of a Fleet Bundle​

    To demonstrate the lifecycle of a Fleet bundle, we will use multi-cluster/helm as a case study.

    1. User will create a GitRepo that points to the multi-cluster/helm repository.
    2. The gitjob-controller will sync changes from the GitRepo and detect changes from the polling or webhook event. With every commit change, the gitjob-controller will create a job that clones the git repository, reads content from the repo such as fleet.yaml and other manifests, and creates the Fleet bundle.

    Note: The job pod with the image name rancher/tekton-utils will be under the same namespace as the GitRepo.

    1. The fleet-controller then syncs changes from the bundle. According to the targets, the fleet-controller will create BundleDeployment resources, which are a combination of a bundle and a target cluster.
    2. The fleet-agent will then pull the BundleDeployment from the Fleet controlplane. The agent deploys bundle manifests as a Helm chart from the BundleDeployment into the downstream clusters.
    3. The fleet-agent will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.

    Deploy Kubernetes Manifests Across Clusters with Customization​

    Fleet in Rancher allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration.

    To demonstrate how to deploy Kubernetes manifests across different clusters using Fleet, we will use multi-cluster/helm/fleet.yaml as a case study.

    Situation: User has three clusters with three different labels: env=dev, env=test, and env=prod. User wants to deploy a frontend application with a backend database across these clusters.

    Expected behavior:

    • After deploying to the dev cluster, database replication is not enabled.
    • After deploying to the test cluster, database replication is enabled.
    • After deploying to the prod cluster, database replication is enabled and Load balancer services are exposed.

    Advantage of Fleet:

    Instead of deploying the app on each cluster, Fleet allows you to deploy across all clusters following these steps:

    1. Deploy gitRepo https://github.com/rancher/fleet-examples.git and specify the path multi-cluster/helm.
    2. Under multi-cluster/helm, a Helm chart will deploy the frontend app service and backend database service.
    3. The following rule will be defined in fleet.yaml: 
    targetCustomizations:
    - name: dev
      helm:
        values:
          replication: false
      clusterSelector:
        matchLabels:
          env: dev

    - name: test
      helm:
        values:
          replicas: 3
      clusterSelector:
        matchLabels:
          env: test

    - name: prod
      helm:
        values:
          serviceType: LoadBalancer
          replicas: 3
      clusterSelector:
        matchLabels:
          env: prod

    Result:

    Fleet will deploy the Helm chart with your customized values.yaml to the different clusters.

    Note: Configuration management is not limited to deployments but can be expanded to general configuration management. Fleet is able to apply configuration management through customization among any set of clusters automatically.

    Additional Examples​

    Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations -of the three are in the Fleet Examples repo.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +of the three are in the Fleet Examples repo.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.4/gitrepo-add.html b/0.4/gitrepo-add.html index 768845fa7..0359601b5 100644 --- a/0.4/gitrepo-add.html +++ b/0.4/gitrepo-add.html @@ -4,15 +4,15 @@ Adding a GitRepo | Fleet - +
    Skip to main content
    Version: 0.4

    Adding a GitRepo

    Proper namespace​

    Git repos are added to the Fleet manager using the GitRepo custom resource type. The GitRepo type is namespaced. By default, Rancher will create two Fleet workspaces: fleet-default and fleet-local.

    • Fleet-default will contain all the downstream clusters that are already registered through Rancher.
    • Fleet-local will contain the local cluster by default.

    Users can create new workspaces and move clusters across workspaces. An example of a special case might be including the local cluster in the GitRepo payload for config maps and secrets (no active deployments or payloads).

    danger

    While it's possible to move clusters out of either workspace, we recommend that you keep the local cluster in fleet-local.

    If you are using Fleet in a single cluster style, the namespace will always be fleet-local. Check here for more on the fleet-local namespace.

    For a multi-cluster style, please ensure you use the correct repo that will map to the right target clusters.

    Create GitRepo instance​

    Git repositories are register by creating a GitRepo following the below YAML sample. Refer to the inline comments as the means of each field

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      # Any name can be used here
      name: my-repo
      # For single cluster use fleet-local, otherwise use the namespace of
      # your choosing
      namespace: fleet-local
    spec:
      # This can be a HTTPS or git URL.  If you are using a git URL then
      # clientSecretName will probably need to be set to supply a credential.
      # repo is the only required parameter for a repo to be monitored.
      #
      repo: https://github.com/rancher/fleet-examples

      # Enforce all resources go to this target namespace. If a cluster scoped
      # resource is found the deployment will fail.
      #
      # targetNamespace: app1

      # Any branch can be watched, this field is optional. If not specified the
      # branch is assumed to be master
      #
      # branch: master

      # A specific commit or tag can also be watched.
      #
      # revision: v0.3.0

      # For a private registry you must supply a clientSecretName. A default
      # secret can be set at the namespace level using the GitRepoRestriction
      # type. Secrets must be of the type "kubernetes.io/ssh-auth" or
      # "kubernetes.io/basic-auth". The secret is assumed to be in the
      # same namespace as the GitRepo
      #
      # clientSecretName: my-ssh-key
      #
      # If fleet.yaml contains a private Helm repo that requires authentication,
      # provide the credentials in a K8s secret and specify them here.
      # Danger: the credentials will be sent to all repositories referenced from
      # this gitrepo. See section below for more information.
      #
      # helmSecretName: my-helm-secret
      #
      # To add additional ca-bundle for self-signed certs, caBundle can be
      # filled with base64 encoded pem data. For example:
      # `cat /path/to/ca.pem | base64 -w 0`
      #
      # caBundle: my-ca-bundle
      #
      # Disable SSL verification for git repo
      #
      # insecureSkipTLSVerify: true
      #
      # A git repo can read multiple paths in a repo at once.
      # The below field is expected to be an array of paths and
      # supports path globbing (ex: some/*/path)
      #
      # Example:
      # paths:
      # - single-path
      # - multiple-paths/*
      paths:
      - simple

      # PollingInterval configures how often fleet checks the git repo. The default
      # is 15 seconds.
      # Setting this to zero does not disable polling. It results in a 15s
      # interval, too.
      #
      # pollingInterval: 15

      # Paused  causes changes in Git to not be propagated down to the clusters but
      # instead mark resources as OutOfSync
      #
      # paused: false

      # Increment this number to force a redeployment of contents from Git
      #
      # forceSyncGeneration: 0

      # The service account that will be used to perform this deployment.
      # This is the name of the service account that exists in the
      # downstream cluster in the cattle-fleet-system namespace. It is assumed
      # this service account already exists so it should be create before
      # hand, most likely coming from another git repo registered with
      # the Fleet manager.
      #
      # serviceAccount: moreSecureAccountThanClusterAdmin

      # Target clusters to deploy to if running Fleet in a multi-cluster
      # style. Refer to the "Mapping to Downstream Clusters" docs for
      # more information.
      #
      # targets: ...

    Adding Private Git Repository​

    Fleet supports both http and ssh auth key for private repository. To use this you have to create a secret in the same namespace.

    For example, to generate a private ssh key

    ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"

    Note: The private key format has to be in EC PRIVATE KEY, RSA PRIVATE KEY or PRIVATE KEY and should not contain a passphase.

    Put your private key into secret, use the namespace the GitRepo is in:

    kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key  --type=kubernetes.io/ssh-auth
    caution

    Private key with passphrase is not supported.

    caution

    The key has to be in PEM format.

    Fleet supports putting known_hosts into ssh secret. Here is an example of how to add it:

    Fetch the public key hash(take github as an example)

    ssh-keyscan -H github.com

    And add it into secret:

    apiVersion: v1
    kind: Secret
    metadata:
      name: ssh-key
    type: kubernetes.io/ssh-auth
    stringData:
      ssh-privatekey: <private-key>
      known_hosts: |-
        |1|YJr1VZoi6dM0oE+zkM0do3Z04TQ=|7MclCn1fLROZG+BgR4m1r8TLwWc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
    danger

    If you don't add it any server's public key will be trusted and added. (ssh -o stricthostkeychecking=accept-new will be used)

    info

    If you are using openssh format for the private key and you are creating it in the UI, make sure a carriage return is appended in the end of the private key.

    Using HTTP Auth​

    Create a secret containing username and password. You can replace the password with a personal access token if necessary. Also see HTTP secrets in Github.

    kubectl create secret generic basic-auth-secret -n fleet-default --type=kubernetes.io/basic-auth --from-literal=username=$user --from-literal=password=$pat

    Just like with SSH, reference the secret in your GitRepo resource via clientSecretName.

    spec:
      repo: https://github.com/fleetrepoci/gitjob-private.git
      branch: main
      clientSecretName: basic-auth-secret

    Using Private Helm Repositories​

    danger

    The credentials will be used unconditionally for all Helm repositories referenced by the gitrepo resource. -Make sure you don't leak credentials by mixing public and private repositories. As a workaround, split them into different gitrepos.

    For a private Helm repo, users can reference a secret with the following keys:

    1. username and password for basic http auth if the Helm HTTP repo is behind basic auth.

    2. cacerts for custom CA bundle if the Helm repo is using a custom CA.

    3. ssh-privatekey for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently.

    For example, to add a secret in kubectl, run

    kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem

    After secret is created, specify the secret to gitRepo.spec.helmSecretName. Make sure secret is created under the same namespace with gitrepo.

    Troubleshooting

    See Fleet Troubleshooting section here.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +Make sure you don't leak credentials by mixing public and private repositories. As a workaround, split them into different gitrepos.

    For a private Helm repo, users can reference a secret with the following keys:

    1. username and password for basic http auth if the Helm HTTP repo is behind basic auth.

    2. cacerts for custom CA bundle if the Helm repo is using a custom CA.

    3. ssh-privatekey for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently.

    For example, to add a secret in kubectl, run

    kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem

    After secret is created, specify the secret to gitRepo.spec.helmSecretName. Make sure secret is created under the same namespace with gitrepo.

    Troubleshooting

    See Fleet Troubleshooting section here.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.4/gitrepo-structure.html b/0.4/gitrepo-structure.html index 8dee3b7a6..a2fc78c28 100644 --- a/0.4/gitrepo-structure.html +++ b/0.4/gitrepo-structure.html @@ -4,7 +4,7 @@ Expected Repo Structure | Fleet - + @@ -43,8 +43,8 @@ the contents a file the convention of adding _patch. (notice the tr will be replaced with . from the file name and that will be used as the target. For example deployment_patch.yaml will target deployment.yaml. The patch will be applied using JSON Merge, Strategic Merge Patch, or JSON Patch. Which strategy is used is based on the file content. Even though JSON strategies are used, the files can be written -using YAML syntax.

    Cluster and Bundle state​

    See Cluster and Bundle state.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +using YAML syntax.

    Cluster and Bundle state​

    See Cluster and Bundle state.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.4/gitrepo-targets.html b/0.4/gitrepo-targets.html index 66c9d6d64..51551fb49 100644 --- a/0.4/gitrepo-targets.html +++ b/0.4/gitrepo-targets.html @@ -4,7 +4,7 @@ Mapping to Downstream Clusters | Fleet - + @@ -18,8 +18,8 @@ One can use cluster selectors, cluster group selectors, or an explicit cluster g the final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the default value it is dropped from the criteria. The default value is either null or "". It is important to realize that the value {} for a selector means "match everything."

    # Match everything
    clusterSelector: {}
    # Selector ignored
    clusterSelector: null

    Default target​

    If no target is set for the GitRepo then the default targets value is applied. The default targets value is as below.

    targets:
    - name: default
      clusterGroup: default

    This means if you wish to setup a default location non-configured GitRepos will go to, then just create a cluster group called default -and add clusters to it.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +and add clusters to it.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.4/imagescan.html b/0.4/imagescan.html index ab0147cf7..de8f996e9 100644 --- a/0.4/imagescan.html +++ b/0.4/imagescan.html @@ -4,15 +4,15 @@ Image scan | Fleet - +
    Skip to main content
    Version: 0.4

    Image scan

    Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository, without the need to manually update your manifests.

    caution

    This feature is considered as experimental feature.

    Go to fleet.yaml and add the following section.

    imageScans:
    # specify the policy to retrieve images, can be semver or alphabetical order 
    - policy: 
        # if range is specified, it will take the latest image according to semver order in the range
        # for more details on how to use semver, see https://github.com/Masterminds/semver
        semver: 
          range: "*" 
        # can use ascending or descending order
        alphabetical:
          order: asc 

      # specify images to scan
      image: "your.registry.com/repo/image" 

      # Specify the tag name, it has to be unique in the same bundle
      tagName: test-scan

      # specify secret to pull image if in private registry
      secretRef:
        name: dockerhub-secret 

      # Specify the scan interval
      interval: 5m
    info

    You can create multiple image scans in fleet.yaml.

    Go to your manifest files and update the field that you want to replace. For example:

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: redis-slave
    spec:
      selector:
        matchLabels:
          app: redis
          role: slave
          tier: backend
      replicas: 2
      template:
        metadata:
          labels:
            app: redis
            role: slave
            tier: backend
        spec:
          containers:
          - name: slave
            image: <image>:<tag> # {"$imagescan": "test-scan"}
            resources:
              requests:
                cpu: 100m
                memory: 100Mi
            ports:
            - containerPort: 6379
    note

    There are multiple form of tagName you can reference. For example

    {"$imagescan": "test-scan"}: Use full image name(foo/bar:tag)

    {"$imagescan": "test-scan:name"}: Only use image name without tag(foo/bar)

    {"$imagescan": "test-scan:tag"}: Only use image tag

    {"$imagescan": "test-scan:digest"}: Use full image name with digest(foo/bar:tag@sha256...)

    Create a GitRepo that includes your fleet.yaml

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: my-repo
      namespace: fleet-local
    spec:
      # change this to be your own repo
      repo: https://github.com/rancher/fleet-examples 
      # define how long it will sync all the images and decide to apply change
      imageScanInterval: 5m 
      # user must properly provide a secret that have write access to git repository
      clientSecretName: secret 
      # specify the commit pattern
      imageScanCommit:
        authorName: foo
        authorEmail: foo@bar.com
        messageTemplate: "update image"

    Try pushing a new image tag, for example, <image>:<new-tag>. Wait for a while and there should be a new commit pushed into your git repository to change tag in deployment.yaml. -Once change is made into git repository, fleet will read through the change and deploy the change into your cluster.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +Once change is made into git repository, fleet will read through the change and deploy the change into your cluster.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.4/installation.html b/0.4/installation.html index 94b0674c9..02aba98a1 100644 --- a/0.4/installation.html +++ b/0.4/installation.html @@ -4,7 +4,7 @@ Installation | Fleet - + @@ -13,8 +13,8 @@ Multi-Cluster install. The single cluster install is for if you wish to use GitOps to manage a single cluster, in which case you do not need a centralized manager cluster. In the multi-cluster use case you will setup a centralized manager cluster to which you can register clusters.

    If you are just learning Fleet the single cluster install is the recommended starting -point. After which you can move from single cluster to multi-cluster setup down the line.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +point. After which you can move from single cluster to multi-cluster setup down the line.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.4/manager-initiated.html b/0.4/manager-initiated.html index c8ce5b451..6847fb063 100644 --- a/0.4/manager-initiated.html +++ b/0.4/manager-initiated.html @@ -4,7 +4,7 @@ Manager Initiated | Fleet - + @@ -15,8 +15,8 @@ of the kubeconfig secret used in cluster-api. This means you can use cluster-api to create a cluster that is dynamically -registered with Fleet.

    Example​

    Kubeconfig Secret​

    kind: Secret
    apiVersion: v1
    metadata:
      name: my-cluster-kubeconfig
      namespace: clusters
    data:
      value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==

    Cluster​

    apiVersion: fleet.cattle.io/v1alpha1
    kind: Cluster
    metadata:
      name: my-cluster
      namespace: clusters
      labels:
        demo: "true"
        env: dev
    spec:
      kubeConfigSecret: my-cluster-kubeconfig
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +registered with Fleet.

    Example​

    Kubeconfig Secret​

    kind: Secret
    apiVersion: v1
    metadata:
      name: my-cluster-kubeconfig
      namespace: clusters
    data:
      value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==

    Cluster​

    apiVersion: fleet.cattle.io/v1alpha1
    kind: Cluster
    metadata:
      name: my-cluster
      namespace: clusters
      labels:
        demo: "true"
        env: dev
    spec:
      kubeConfigSecret: my-cluster-kubeconfig
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.4/multi-cluster-install.html b/0.4/multi-cluster-install.html index 53f2d092c..94a70e293 100644 --- a/0.4/multi-cluster-install.html +++ b/0.4/multi-cluster-install.html @@ -4,7 +4,7 @@ Multi-cluster Install | Fleet - + @@ -34,9 +34,9 @@ well known CA then omit the --cacert ${API_SERVER_CA} part of the c only because the curl command is not setting proper credentials, but this validates that the TLS connection work and the ca.pem is correct for this URL. If you get a SSL certificate problem then the ca.pem is not correct. The contents of the ${API_SERVER_CA} file should look similar to the below

    -----BEGIN CERTIFICATE-----
    MIIBVjCB/qADAgECAgEAMAoGCCqGSM49BAMCMCMxITAfBgNVBAMMGGszcy1zZXJ2
    ZXItY2FAMTU5ODM5MDQ0NzAeFw0yMDA4MjUyMTIwNDdaFw0zMDA4MjMyMTIwNDda
    MCMxITAfBgNVBAMMGGszcy1zZXJ2ZXItY2FAMTU5ODM5MDQ0NzBZMBMGByqGSM49
    AgEGCCqGSM49AwEHA0IABDXlQNkXnwUPdbSgGz5Rk6U9ldGFjF6y1YyF36cNGk4E
    0lMgNcVVD9gKuUSXEJk8tzHz3ra/+yTwSL5xQeLHBl+jIzAhMA4GA1UdDwEB/wQE
    AwICpDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIFMtZ5gGDoDs
    ciRyve+T4xbRNVHES39tjjup/LuN4tAgAiAteeB3jgpTMpZyZcOOHl9gpZ8PgEcN
    KDs/pb3fnMTtpA==
    -----END CERTIFICATE-----

    Once you have validated the API server URL and API server CA parameters, install the following two -Helm charts.

    First install the Fleet CustomResourcesDefintions.

    helm -n cattle-fleet-system install --create-namespace --wait fleet-crd https://github.com/rancher/fleet/releases/download/v0.4.0/fleet-crd-0.4.0.tgz

    Second install the Fleet controllers.

    helm -n cattle-fleet-system install --create-namespace --wait \
        --set apiServerURL="${API_SERVER_URL}" \
        --set-file apiServerCA="${API_SERVER_CA}" \
        fleet https://github.com/rancher/fleet/releases/download/v0.4.0/fleet-0.4.0.tgz

    Fleet should be ready to use. You can check the status of the Fleet controller pods by running the below commands.

    kubectl -n cattle-fleet-system logs -l app=fleet-controller
    kubectl -n cattle-fleet-system get pods -l app=fleet-controller
    NAME                                READY   STATUS    RESTARTS   AGE
    fleet-controller-64f49d756b-n57wq   1/1     Running   0          3m21s

    At this point the Fleet manager should be ready. You can now register clusters and git repos with -the Fleet manager.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +Helm charts.

    First install the Fleet CustomResourcesDefintions.

    helm -n cattle-fleet-system install --create-namespace --wait fleet-crd https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-crd-0.4.1.tgz

    Second install the Fleet controllers.

    helm -n cattle-fleet-system install --create-namespace --wait \
        --set apiServerURL="${API_SERVER_URL}" \
        --set-file apiServerCA="${API_SERVER_CA}" \
        fleet https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-0.4.1.tgz

    Fleet should be ready to use. You can check the status of the Fleet controller pods by running the below commands.

    kubectl -n cattle-fleet-system logs -l app=fleet-controller
    kubectl -n cattle-fleet-system get pods -l app=fleet-controller
    NAME                                READY   STATUS    RESTARTS   AGE
    fleet-controller-64f49d756b-n57wq   1/1     Running   0          3m21s

    At this point the Fleet manager should be ready. You can now register clusters and git repos with +the Fleet manager.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.4/namespaces.html b/0.4/namespaces.html index 02429c936..fe2a2561e 100644 --- a/0.4/namespaces.html +++ b/0.4/namespaces.html @@ -4,7 +4,7 @@ Namespaces | Fleet - + @@ -35,8 +35,8 @@ be evaluated against all clusters in all namespaces that match namespaceSe bundles from git by putting labels in the fleet.yaml file or on the metadata.labels field on the GitRepo.

    Restricting GitRepos​

    A namespace can contain multiple GitRepoRestriction resources. All GitRepos created in that namespace will be checked against the list of restrictions. If a GitRepo violates one of the constraints its BundleDeployment will be -in an error state and won't be deployed.

    This can also be used to set the defaults for GitRepo's serviceAccount and clientSecretName fields.

    kind: GitRepoRestriction
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: restriction
      namespace: typically-unique
    allowedClientSecretNames: []
    allowedRepoPatterns: []
    allowedServiceAccounts: []
    defaultClientSecretName: ""
    defaultServiceAccount: ""
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +in an error state and won't be deployed.

    This can also be used to set the defaults for GitRepo's serviceAccount and clientSecretName fields.

    kind: GitRepoRestriction
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: restriction
      namespace: typically-unique
    allowedClientSecretNames: []
    allowedRepoPatterns: []
    allowedServiceAccounts: []
    defaultClientSecretName: ""
    defaultServiceAccount: ""
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.4/quickstart.html b/0.4/quickstart.html index b84a17353..c272c7f73 100644 --- a/0.4/quickstart.html +++ b/0.4/quickstart.html @@ -4,15 +4,15 @@ Quick Start | Fleet - +
    Skip to main content
    Version: 0.4

    Quick Start

    Who needs documentation, lets just run this thing!

    Install​

    Get helm if you don't have it. Helm 3 is just a CLI and won't do bad insecure -things to your cluster.

    brew install helm

    Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet-crd https://github.com/rancher/fleet/releases/download/v0.4.0/fleet-crd-v0.4.0.tgz
    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet https://github.com/rancher/fleet/releases/download/v0.4.0/fleet-v0.4.0.tgz

    Add a Git Repo to watch​

    Change spec.repo to your git repo of choice. Kubernetes manifest files that should -be deployed should be in /manifests in your repo.

    cat > example.yaml << "EOF"
    apiVersion: fleet.cattle.io/v1alpha1
    kind: GitRepo
    metadata:
      name: sample
      # This namespace is special and auto-wired to deploy to the local cluster
      namespace: fleet-local
    spec:
      # Everything from this repo will be ran in this cluster. You trust me right?
      repo: "https://github.com/rancher/fleet-examples"
      paths:
      - simple
    EOF

    kubectl apply -f example.yaml

    Get Status​

    Get status of what fleet is doing

    kubectl -n fleet-local get fleet

    You should see something like this get created in your cluster.

    kubectl get deploy frontend
    NAME       READY   UP-TO-DATE   AVAILABLE   AGE
    frontend   3/3     3            3           116m

    Enjoy and read the docs.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +things to your cluster.

    brew install helm

    Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet-crd https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-crd-v0.4.1.tgz
    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-v0.4.1.tgz

    Add a Git Repo to watch​

    Change spec.repo to your git repo of choice. Kubernetes manifest files that should +be deployed should be in /manifests in your repo.

    cat > example.yaml << "EOF"
    apiVersion: fleet.cattle.io/v1alpha1
    kind: GitRepo
    metadata:
      name: sample
      # This namespace is special and auto-wired to deploy to the local cluster
      namespace: fleet-local
    spec:
      # Everything from this repo will be ran in this cluster. You trust me right?
      repo: "https://github.com/rancher/fleet-examples"
      paths:
      - simple
    EOF

    kubectl apply -f example.yaml

    Get Status​

    Get status of what fleet is doing

    kubectl -n fleet-local get fleet

    You should see something like this get created in your cluster.

    kubectl get deploy frontend
    NAME       READY   UP-TO-DATE   AVAILABLE   AGE
    frontend   3/3     3            3           116m

    Enjoy and read the docs.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.4/single-cluster-install.html b/0.4/single-cluster-install.html index 5d61135a4..ca3813278 100644 --- a/0.4/single-cluster-install.html +++ b/0.4/single-cluster-install.html @@ -4,7 +4,7 @@ Single Cluster Install | Fleet - + @@ -17,9 +17,9 @@ use case for production.

    official install instructions. The TL;DR is

    macOS

    brew install helm

    Windows

    choco install kubernetes-helm

    Kubernetes​

    Fleet is a controller running on a Kubernetes cluster so an existing cluster is required. For the single cluster use case you will install Fleet to the cluster which you intend to manage with GitOps. -Any Kubernetes community supported version of Kubernetes will work, in practice this means 1.15 or greater.

    Install​

    Install the following two Helm charts.

    First install the Fleet CustomResourcesDefintions.

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet-crd https://github.com/rancher/fleet/releases/download/v0.4.0/fleet-crd-0.4.0.tgz

    Second install the Fleet controllers.

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet https://github.com/rancher/fleet/releases/download/v0.4.0/fleet-0.4.0.tgz

    Fleet should be ready to use now for single cluster. You can check the status of the Fleet controller pods by -running the below commands.

    kubectl -n cattle-fleet-system logs -l app=fleet-controller
    kubectl -n cattle-fleet-system get pods -l app=fleet-controller
    NAME                                READY   STATUS    RESTARTS   AGE
    fleet-controller-64f49d756b-n57wq   1/1     Running   0          3m21s

    You can now register some git repos in the fleet-local namespace to start deploying Kubernetes resources.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +Any Kubernetes community supported version of Kubernetes will work, in practice this means 1.15 or greater.

    Install​

    Install the following two Helm charts.

    First install the Fleet CustomResourcesDefintions.

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet-crd https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-crd-0.4.1.tgz

    Second install the Fleet controllers.

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-0.4.1.tgz

    Fleet should be ready to use now for single cluster. You can check the status of the Fleet controller pods by +running the below commands.

    kubectl -n cattle-fleet-system logs -l app=fleet-controller
    kubectl -n cattle-fleet-system get pods -l app=fleet-controller
    NAME                                READY   STATUS    RESTARTS   AGE
    fleet-controller-64f49d756b-n57wq   1/1     Running   0          3m21s

    You can now register some git repos in the fleet-local namespace to start deploying Kubernetes resources.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.4/troubleshooting.html b/0.4/troubleshooting.html index bb5f48753..f671adbd1 100644 --- a/0.4/troubleshooting.html +++ b/0.4/troubleshooting.html @@ -4,14 +4,14 @@ Troubleshooting | Fleet - +
    Skip to main content
    Version: 0.4

    Troubleshooting

    This section contains commands and tips to troubleshoot Fleet.

    How Do I...​

    Fetch the log from fleet-controller?​

    In the local management cluster where the fleet-controller is deployed, run the following command with your specific fleet-controller pod name filled in:

    $ kubectl logs -l app=fleet-controller -n cattle-fleet-system

    Fetch the log from the fleet-agent?​

    Go to each downstream cluster and run the following command for the local cluster with your specific fleet-agent pod name filled in:

    # Downstream cluster
    $ kubectl logs -l app=fleet-agent -n cattle-fleet-system
    # Local cluster
    $ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system

    Fetch detailed error logs from GitRepos and Bundles?​

    Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:

    • For more information about the bundle, click on bundle, and the YAML mode will be enabled.
    • For more information about the GitRepo, click on GitRepo, then click on View Yaml in the upper right of the screen. After viewing the YAML, check status.conditions; a detailed error message should be displayed here.
    • Check the fleet-controller for synching errors.
    • Check the fleet-agent log in the downstream cluster if you encounter issues when deploying the bundle.

    Check a chart rendering error in Kustomize?​

    Check the fleet-controller logs and the fleet-agent logs.

    Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?​

    Check the gitjob-controller logs using the following command with your specific gitjob pod name filled in:

    $ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system

    Note that there are two containers inside the pod: the step-git-source container that clones the git repo, and the fleet container that applies bundles based on the git repo.

    The pods will usually have images named rancher/tekton-utils with the gitRepo name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific gitRepoName pod name and namespace:

    $ kubectl logs -f $gitRepoName-pod-name -n namespace

    Check the status of the fleet-controller?​

    You can check the status of the fleet-controller pods by running the commands below:

    kubectl -n cattle-fleet-system logs -l app=fleet-controller
    kubectl -n cattle-fleet-system get pods -l app=fleet-controller
    NAME                                READY   STATUS    RESTARTS   AGE
    fleet-controller-64f49d756b-n57wq   1/1     Running   0          3m21s

    Migrate the local cluster to the Fleet default cluster?​

    For users who want to deploy to the local cluster as well, they may move the cluster from fleet-local to fleet-default in the Rancher UI as follows:

    • To get to Fleet in Rancher, click ☰ > Continuous Delivery.
    • Under the Clusters menu, select the local cluster by checking the box to the left.
    • Select Assign to from the tabs above the cluster.
    • Select fleet-default from the Assign Cluster To dropdown.

    Result: The cluster will be migrated to fleet-default.

    Enable debug logging for fleet-controller and fleet-agent?​

    Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added.

    • Go to the Dashboard, then click on the local cluster in the left navigation menu
    • Select Apps & Marketplace, then Installed Apps from the dropdown
    • From there, you will upgrade the Fleet chart with the value debug=true. You can also set debugLevel=5 if desired.

    Additional Solutions for Other Fleet Issues​

    Naming conventions for CRDs​

    1. For CRD terms like clusters and gitrepos, you must reference the full CRD name. For example, the cluster CRD's complete name is cluster.fleet.cattle.io, and the gitrepo CRD's complete name is gitrepo.fleet.cattle.io.

    2. Bundles, which are created from the GitRepo, follow the pattern $gitrepoName-$path in the same workspace/namespace where the GitRepo was created. Note that $path is the path directory in the git repository that contains the bundle (fleet.yaml).

    3. BundleDeployments, which are created from the bundle, follow the pattern $bundleName-$clusterName in the namespace clusters-$workspace-$cluster-$generateHash. Note that $clusterName is the cluster to which the bundle will be deployed.

    HTTP secrets in Github​

    When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:

    1. Create a personal access token in Github.
    2. In Rancher, create an HTTP secret with your Github username.
    3. Use your token as the secret.

    Fleet fails with bad response code: 403​

    If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your fleet.yaml:

    time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"

    Perform the following steps to assess:

    • Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully
    • Check that your credentials for the git repo are valid

    Helm chart repo: certificate signed by unknown authority​

    If your GitJob returns the error below, you may have added the wrong certificate chain:

    time="2021-11-11T05:55:08Z" level=fatal msg="Get \"https://helm.intra/virtual-helm/index.yaml\": x509: certificate signed by unknown authority"

    Please verify your certificate with the following command:

    context=playground-local
    kubectl get secret -n fleet-default helm-repo -o jsonpath="{['data']['cacerts']}" --context $context | base64 -d | openssl x509 -text -noout
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71
            Signature Algorithm: sha512WithRSAEncryption
            Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3
    ...

    Fleet deployment stuck in modified state​

    When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.

    To ignore the modified flag for the differences between the Helm install generated by fleet.yaml and the resource in your cluster, add a diff.comparePatches to the fleet.yaml for your Deployment, as shown in this example:

    defaultNamespace: <namespace name> 
    helm:  
      releaseName: <release name>  
      repo: <repo name> 
      chart: <chart name>
    diff:  
      comparePatches:  
      - apiVersion: apps/v1
        kind: Deployment
        operations:
        - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}
        - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}
        jsonPointers: # jsonPointers allows to ignore diffs at certain json path
        - "/spec/template/spec/priorityClassName"
        - "/spec/template/spec/tolerations"

    To determine which operations should be removed, observe the logs from fleet-agent on the target cluster. You should see entries similar to the following:

    level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\"spec\":{\"template\":{\"spec\":{\"hostNetwork\":false}}}}"

    Based on the above log, you can add the following entry to remove the operation:

    {"op":"remove", "path":"/spec/template/spec/hostNetwork"}

    GitRepo or Bundle stuck in modified state​

    Modified means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository.

    1. Check the bundle diffs documentation for more information.

    2. You can also force update the gitrepo to perform a manual resync. Select GitRepo on the left navigation bar, then select Force Update.

    Bundle has a Horizontal Pod Autoscaler (HPA) in modified state​

    For bundles with an HPA, the expected state is Modified, as the bundle contains fields that differ from the state of the Bundle at deployment - usually ReplicaSet.

    You must define a patch in the fleet.yaml to ignore this field according to GitRepo or Bundle stuck in modified state.

    Here is an example of such a patch for the deployment nginx in namespace default:

    diff:
      comparePatches:
      - apiVersion: apps/v1
        kind: Deployment
        name: nginx
        namespace: default
        operations:
        - {"op": "remove", "path": "/spec/replicas"}

    What if the cluster is unavailable, or is in a WaitCheckIn state?​

    You will need to re-import and restart the registration process: Select Cluster on the left navigation bar, then select Force Update

    caution

    WaitCheckIn status for Rancher v2.5: -The cluster will show in WaitCheckIn status because the fleet-controller is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the Rancher docs.

    GitRepo complains with gzip: invalid header​

    When you see an error like the one below ...

    Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header

    ... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +The cluster will show in WaitCheckIn status because the fleet-controller is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the Rancher docs.

    GitRepo complains with gzip: invalid header​

    When you see an error like the one below ...

    Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header

    ... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.4/uninstall.html b/0.4/uninstall.html index cc237da5f..e4a946fc4 100644 --- a/0.4/uninstall.html +++ b/0.4/uninstall.html @@ -4,15 +4,15 @@ Uninstall | Fleet - +
    Skip to main content
    Version: 0.4

    Uninstall

    Fleet is packaged as two Helm charts so uninstall is accomplished by uninstalling the appropriate Helm charts. To uninstall Fleet run the following -two commands:

    helm -n cattle-fleet-system uninstall fleet
    helm -n cattle-fleet-system uninstall fleet-crd
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +two commands:

    helm -n cattle-fleet-system uninstall fleet
    helm -n cattle-fleet-system uninstall fleet-crd
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.4/webhook.html b/0.4/webhook.html index 4edb40aab..75aafa32d 100644 --- a/0.4/webhook.html +++ b/0.4/webhook.html @@ -4,7 +4,7 @@ Webhook | Fleet - + @@ -12,8 +12,8 @@
    Skip to main content
    Version: 0.4

    Webhook

    By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github, GitLab, Bitbucket, Bitbucket Server and Gogs.

    1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service.​

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: webhook-ingress
      namespace: cattle-fleet-system
    spec:
      rules:
      - host: your.domain.com
        http:
          paths:
            - path: /
              pathType: Prefix
              backend:
                service:
                  name: gitjob
                  port:
                    number: 80
    info

    You can configure TLS on ingress.

    2. Go to your webhook provider and configure the webhook callback url. Here is a Github example.​

    Configuring a secret is optional. This is used to validate the webhook payload as the payload should not be trusted by default. If your webhook server is publicly accessible to the Internet, then it is recommended to configure the secret. If you do configure the -secret, follow step 3.

    note

    only application/json is supported due to the limitation of webhook library.

    caution

    If you configured the webhook the polling interval will be automatically adjusted to 1 hour.

    3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.​

    ProviderK8s Secret Key
    GitHubgithub
    GitLabgitlab
    BitBucketbitbucket
    BitBucketServerbitbucket-server
    Gogsgogs

    For example, to create a secret containing a GitHub secret to validate the webhook payload, run:

    kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue

    4. Go to your git provider and test the connection. You should get a HTTP response code.​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +secret, follow step 3.

    note

    only application/json is supported due to the limitation of webhook library.

    caution

    If you configured the webhook the polling interval will be automatically adjusted to 1 hour.

    3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.​

    ProviderK8s Secret Key
    GitHubgithub
    GitLabgitlab
    BitBucketbitbucket
    BitBucketServerbitbucket-server
    Gogsgogs

    For example, to create a secret containing a GitHub secret to validate the webhook payload, run:

    kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue

    4. Go to your git provider and test the connection. You should get a HTTP response code.​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.5.html b/0.5.html index fb8f8525e..c9d4f4a2d 100644 --- a/0.5.html +++ b/0.5.html @@ -4,13 +4,13 @@ Overview | Fleet - +
    -
    Skip to main content
    Version: 0.5

    Overview

    What is Fleet?​

    • Cluster engine: Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through GitOps. Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.

    • Deployment management: Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users have a high degree of control, consistency, and auditability.

    Configuration Management​

    Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Skip to main content
    Version: 0.5

    Overview

    What is Fleet?​

    • Cluster engine: Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through GitOps. Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.

    • Deployment management: Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users have a high degree of control, consistency, and auditability.

    Configuration Management​

    Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.5/advanced-users.html b/0.5/advanced-users.html index b58e1c6d5..d89c73d25 100644 --- a/0.5/advanced-users.html +++ b/0.5/advanced-users.html @@ -4,13 +4,13 @@ Advanced Users | Fleet - +
    -
    Skip to main content
    Version: 0.5

    Advanced Users

    Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases.

    The following are examples of advanced use cases:

    Please refer to the installation and the uninstall documentation for additional information.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Skip to main content
    Version: 0.5

    Advanced Users

    Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases.

    The following are examples of advanced use cases:

    Please refer to the installation and the uninstall documentation for additional information.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.5/agent-initiated.html b/0.5/agent-initiated.html index 64f6d5ca6..9ea4ffb2b 100644 --- a/0.5/agent-initiated.html +++ b/0.5/agent-initiated.html @@ -4,7 +4,7 @@ Agent Initiated | Fleet - + @@ -24,7 +24,7 @@ by looking up the default ServiceAccount secret name (typically prefixed with ca.crt     key.

    caution

    Use proper namespace and release name: For the agent chart the namespace must be cattle-fleet-system and the release name fleet-agent

    danger

    Ensure you are installing to the right cluster: Helm will use the default context in ${HOME}/.kube/config to deploy the agent. Use --kubeconfig and --kube-context -to change which cluster Helm is installing to.

    Finally, install the agent using Helm.

    helm -n cattle-fleet-system install --create-namespace --wait \
        $CLUSTER_LABELS \
        --values values.yaml \
        --set apiServerCA="$API_SERVER_CA_DATA" \
        --set apiServerURL="$API_SERVER_URL" \
        fleet-agent https://github.com/rancher/fleet/releases/download/v0.5.0/fleet-agent-0.5.0.tgz

    The agent should now be deployed. You can check that status of the fleet pods by running the below commands.

    # Ensure kubectl is pointing to the right cluster
    kubectl -n cattle-fleet-system logs -l app=fleet-agent
    kubectl -n cattle-fleet-system get pods -l app=fleet-agent

    Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster +to change which cluster Helm is installing to.

    Finally, install the agent using Helm.

    helm -n cattle-fleet-system install --create-namespace --wait \
        $CLUSTER_LABELS \
        --values values.yaml \
        --set apiServerCA="$API_SERVER_CA_DATA" \
        --set apiServerURL="$API_SERVER_URL" \
        fleet-agent https://github.com/rancher/fleet/releases/download/v0.5.2/fleet-agent-0.5.2.tgz

    The agent should now be deployed. You can check that status of the fleet pods by running the below commands.

    # Ensure kubectl is pointing to the right cluster
    kubectl -n cattle-fleet-system logs -l app=fleet-agent
    kubectl -n cattle-fleet-system get pods -l app=fleet-agent

    Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster was registered in the clusters namespace. Please ensure your ${HOME}/.kube/config is pointed to the Fleet manager to run this command.

    kubectl -n clusters get clusters.fleet.cattle.io
    NAME                   BUNDLES-READY   NODES-READY   SAMPLE-NODE             LAST-SEEN              STATUS
    cluster-ab13e54400f1   1/1             1/1           k3d-cluster2-server-0   2020-08-31T19:23:10Z

    Install agent for a predefined Cluster​

    Client IDs are for the purpose of predefining clusters in the Fleet manager with existing labels and repos targeted to them. A client ID is not required and is just one approach to managing clusters. @@ -37,10 +37,10 @@ client ID.

    The Fleet agent is installed as a Helm chart. The only paramete is represented by the values.yaml file and the client ID. The client ID is optional.

    First, create a Cluster in the Fleet Manager with the random client ID you have chosen.

    kind: Cluster
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: my-cluster
      namespace: clusters
    spec:
      clientID: "really-random"

    Second, follow the cluster registration token page to obtain the values.yaml file to be used.

    Third, setup your environment to use the client ID.

    CLUSTER_CLIENT_ID="really-random"
    note

    Use proper namespace and release name: For the agent chart the namespace must be cattle-fleet-system and the release name fleet-agent

    note

    Ensure you are installing to the right cluster: Helm will use the default context in ${HOME}/.kube/config to deploy the agent. Use --kubeconfig and --kube-context -to change which cluster Helm is installing to.

    Finally, install the agent using Helm.

    helm -n cattle-fleet-system install --create-namespace --wait \
        --set clientID="$CLUSTER_CLIENT_ID" \
        --values values.yaml \
        fleet-agent https://github.com/rancher/fleet/releases/download/v0.5.0/fleet-agent-0.5.0.tgz

    The agent should now be deployed. You can check that status of the fleet pods by running the below commands.

    # Ensure kubectl is pointing to the right cluster
    kubectl -n cattle-fleet-system logs -l app=fleet-agent
    kubectl -n cattle-fleet-system get pods -l app=fleet-agent

    Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster +to change which cluster Helm is installing to.

    Finally, install the agent using Helm.

    helm -n cattle-fleet-system install --create-namespace --wait \
        --set clientID="$CLUSTER_CLIENT_ID" \
        --values values.yaml \
        fleet-agent https://github.com/rancher/fleet/releases/download/v0.5.2/fleet-agent-0.5.2.tgz

    The agent should now be deployed. You can check that status of the fleet pods by running the below commands.

    # Ensure kubectl is pointing to the right cluster
    kubectl -n cattle-fleet-system logs -l app=fleet-agent
    kubectl -n cattle-fleet-system get pods -l app=fleet-agent

    Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster was registered in the clusters namespace. Please ensure your ${HOME}/.kube/config is pointed to the Fleet -manager to run this command.

    kubectl -n clusters get clusters.fleet.cattle.io
    NAME                   BUNDLES-READY   NODES-READY   SAMPLE-NODE             LAST-SEEN              STATUS
    my-cluster             1/1             1/1           k3d-cluster2-server-0   2020-08-31T19:23:10Z
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +manager to run this command.

    kubectl -n clusters get clusters.fleet.cattle.io
    NAME                   BUNDLES-READY   NODES-READY   SAMPLE-NODE             LAST-SEEN              STATUS
    my-cluster             1/1             1/1           k3d-cluster2-server-0   2020-08-31T19:23:10Z
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.5/architecture.html b/0.5/architecture.html index fa0927cbb..519445ba8 100644 --- a/0.5/architecture.html +++ b/0.5/architecture.html @@ -4,7 +4,7 @@ Architecture | Fleet - + @@ -28,8 +28,8 @@ The cluster registration token is used only during the registration process to g to that cluster. After the cluster credential is established the cluster "forgets" the cluster registration token.

    The service accounts given to the clusters only have privileges to list BundleDeployment in the namespace created specifically for that cluster. It can also update the status subresource of BundleDeployment and the status -subresource of it's Cluster resource.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +subresource of it's Cluster resource.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.5/bundle-diffs.html b/0.5/bundle-diffs.html index f3442ee83..9c3577d4f 100644 --- a/0.5/bundle-diffs.html +++ b/0.5/bundle-diffs.html @@ -4,14 +4,14 @@ Generating Diffs for Modified GitRepos | Fleet - +
    Skip to main content
    Version: 0.5

    Generating Diffs for Modified GitRepos

    Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.

    You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the Bundles section.

    The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the caBundle is empty and the CA cert is injected by the cluster.

    This leads the status of the bundle and associated GitRepo to be reported as "Modified"

    Associated Bundle -

    Fleet bundles support the ability to specify a custom jsonPointer patch.

    With the patch, users can instruct fleet to ignore object modifications.

    In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters.

    The opa-gatekeeper bundle associated with the opa GitRepo is in modified state.

    Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status.

    In our case the differences detected are as follows:

      summary:
        desiredReady: 1
        modified: 1
        nonReadyResources:
        - bundleState: Modified
          modifiedStatus:
          - apiVersion: admissionregistration.k8s.io/v1
            kind: ValidatingWebhookConfiguration
            name: gatekeeper-validating-webhook-configuration
            patch: '{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}'
          - apiVersion: apps/v1
            kind: Deployment
            name: gatekeeper-audit
            namespace: cattle-gatekeeper-system
            patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'
          - apiVersion: apps/v1
            kind: Deployment
            name: gatekeeper-controller-manager
            namespace: cattle-gatekeeper-system
            patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'

    Based on this summary, there are three objects which need to be patched.

    We will look at these one at a time.

    1. ValidatingWebhookConfiguration:​

    The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec.

    In cases where more than one element in the field requires a patch, that patch will refer these to as $setElementOrder/ELEMENTNAME

    From this information, we can see the two ValidatingWebhooks in question are:

      "$setElementOrder/webhooks": [
        {
          "name": "validation.gatekeeper.sh"
        },
        {
          "name": "check-ignore-label.gatekeeper.sh"
        }
      ],

    Within each ValidatingWebhook, the fields that need to be ignore are as follows:

        {
          "clientConfig": {
            "caBundle": "Cg=="
          },
          "name": "validation.gatekeeper.sh",
          "rules": [
            {
              "apiGroups": [
                "*"
              ],
              "apiVersions": [
                "*"
              ],
              "operations": [
                "CREATE",
                "UPDATE"
              ],
              "resources": [
                "*"
              ]
            }
          ]
        },

    and 

        {
         "clientConfig": {
           "caBundle": "Cg=="
         },
         "name": "check-ignore-label.gatekeeper.sh",
         "rules": [
           {
             "apiGroups": [
               ""
             ],
             "apiVersions": [
               "*"
             ],
             "operations": [
               "CREATE",
               "UPDATE"
             ],
             "resources": [
               "namespaces"
             ]
           }
         ]
       }

    In summary, we need to ignore the fields rules and clientConfig.caBundle in our patch specification.

    The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values.

    Based on this information, our diff patch would look as follows:

      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        operations:
        - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/0/rules"}
        - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/1/rules"}

    2. Deployment gatekeeper-controller-manager:​

    The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle).

    {
      "spec": {
        "template": {
          "spec": {
            "$setElementOrder/containers": [
              {
                "name": "manager"
              }
            ],
            "containers": [
              {
                "name": "manager",
                "resources": {
                  "limits": {
                    "cpu": "1000m"
                  }
                }
              }
            ],
            "tolerations": []
          }
        }
      }
    }

    In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added.

    Based on this information, our diff patch would look as follows:

      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}

    3. Deployment gatekeeper-audit:​

    The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied.

    {
      "spec": {
        "template": {
          "spec": {
            "$setElementOrder/containers": [
              {
                "name": "manager"
              }
            ],
            "containers": [
              {
                "name": "manager",
                "resources": {
                  "limits": {
                    "cpu": "1000m"
                  }
                }
              }
            ],
            "tolerations": []
          }
        }
      }
    }

    Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added.

    Based on this information, our diff patch would look as follows:

      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}

    Combining It All Together​

    We can now combine all these patches as follows:

    diff:
      comparePatches:
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}
      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        operations:
        - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/0/rules"}
        - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/1/rules"}

    We can add these now to the bundle directly to test and also commit the same to the fleet.yaml in your GitRepo.

    Once these are added, the GitRepo should deploy and be in "Active" status.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +

    Fleet bundles support the ability to specify a custom jsonPointer patch.

    With the patch, users can instruct fleet to ignore object modifications.

    In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters.

    The opa-gatekeeper bundle associated with the opa GitRepo is in modified state.

    Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status.

    In our case the differences detected are as follows:

      summary:
        desiredReady: 1
        modified: 1
        nonReadyResources:
        - bundleState: Modified
          modifiedStatus:
          - apiVersion: admissionregistration.k8s.io/v1
            kind: ValidatingWebhookConfiguration
            name: gatekeeper-validating-webhook-configuration
            patch: '{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}'
          - apiVersion: apps/v1
            kind: Deployment
            name: gatekeeper-audit
            namespace: cattle-gatekeeper-system
            patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'
          - apiVersion: apps/v1
            kind: Deployment
            name: gatekeeper-controller-manager
            namespace: cattle-gatekeeper-system
            patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'

    Based on this summary, there are three objects which need to be patched.

    We will look at these one at a time.

    1. ValidatingWebhookConfiguration:​

    The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec.

    In cases where more than one element in the field requires a patch, that patch will refer these to as $setElementOrder/ELEMENTNAME

    From this information, we can see the two ValidatingWebhooks in question are:

      "$setElementOrder/webhooks": [
        {
          "name": "validation.gatekeeper.sh"
        },
        {
          "name": "check-ignore-label.gatekeeper.sh"
        }
      ],

    Within each ValidatingWebhook, the fields that need to be ignore are as follows:

        {
          "clientConfig": {
            "caBundle": "Cg=="
          },
          "name": "validation.gatekeeper.sh",
          "rules": [
            {
              "apiGroups": [
                "*"
              ],
              "apiVersions": [
                "*"
              ],
              "operations": [
                "CREATE",
                "UPDATE"
              ],
              "resources": [
                "*"
              ]
            }
          ]
        },

    and 

        {
         "clientConfig": {
           "caBundle": "Cg=="
         },
         "name": "check-ignore-label.gatekeeper.sh",
         "rules": [
           {
             "apiGroups": [
               ""
             ],
             "apiVersions": [
               "*"
             ],
             "operations": [
               "CREATE",
               "UPDATE"
             ],
             "resources": [
               "namespaces"
             ]
           }
         ]
       }

    In summary, we need to ignore the fields rules and clientConfig.caBundle in our patch specification.

    The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values.

    Based on this information, our diff patch would look as follows:

      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        operations:
        - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/0/rules"}
        - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/1/rules"}

    2. Deployment gatekeeper-controller-manager:​

    The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle).

    {
      "spec": {
        "template": {
          "spec": {
            "$setElementOrder/containers": [
              {
                "name": "manager"
              }
            ],
            "containers": [
              {
                "name": "manager",
                "resources": {
                  "limits": {
                    "cpu": "1000m"
                  }
                }
              }
            ],
            "tolerations": []
          }
        }
      }
    }

    In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added.

    Based on this information, our diff patch would look as follows:

      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}

    3. Deployment gatekeeper-audit:​

    The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied.

    {
      "spec": {
        "template": {
          "spec": {
            "$setElementOrder/containers": [
              {
                "name": "manager"
              }
            ],
            "containers": [
              {
                "name": "manager",
                "resources": {
                  "limits": {
                    "cpu": "1000m"
                  }
                }
              }
            ],
            "tolerations": []
          }
        }
      }
    }

    Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added.

    Based on this information, our diff patch would look as follows:

      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}

    Combining It All Together​

    We can now combine all these patches as follows:

    diff:
      comparePatches:
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}
      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        operations:
        - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/0/rules"}
        - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/1/rules"}

    We can add these now to the bundle directly to test and also commit the same to the fleet.yaml in your GitRepo.

    Once these are added, the GitRepo should deploy and be in "Active" status.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.5/cluster-bundles-state.html b/0.5/cluster-bundles-state.html index 2f701ffc2..f4aa982d0 100644 --- a/0.5/cluster-bundles-state.html +++ b/0.5/cluster-bundles-state.html @@ -4,13 +4,13 @@ Cluster and Bundle state | Fleet - +
    -
    Skip to main content
    Version: 0.5

    Cluster and Bundle state

    Clusters and Bundles have different states in each phase of applying Bundles.

    Bundles​

    Ready: Bundles have been deployed and all resources are ready.

    NotReady: Bundles have been deployed and some resources are not ready.

    WaitApplied: Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed.

    ErrApplied: Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle.

    OutOfSync: Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet.

    Pending: Bundles are being processed by Fleet controller.

    Modified: Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository.

    Clusters​

    WaitCheckIn: Waiting for agent to report registration information and cluster status back.

    NotReady: There are bundles in this cluster that are in NotReady state.

    WaitApplied: There are bundles in this cluster that are in WaitApplied state.

    ErrApplied: There are bundles in this cluster that are in ErrApplied state.

    OutOfSync: There are bundles in this cluster that are in OutOfSync state.

    Pending: There are bundles in this cluster that are in Pending state.

    Modified: There are bundles in this cluster that are in Modified state.

    Ready: Bundles in this cluster have been deployed and all resources are ready.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Skip to main content
    Version: 0.5

    Cluster and Bundle state

    Clusters and Bundles have different states in each phase of applying Bundles.

    Bundles​

    Ready: Bundles have been deployed and all resources are ready.

    NotReady: Bundles have been deployed and some resources are not ready.

    WaitApplied: Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed.

    ErrApplied: Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle.

    OutOfSync: Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet.

    Pending: Bundles are being processed by Fleet controller.

    Modified: Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository.

    Clusters​

    WaitCheckIn: Waiting for agent to report registration information and cluster status back.

    NotReady: There are bundles in this cluster that are in NotReady state.

    WaitApplied: There are bundles in this cluster that are in WaitApplied state.

    ErrApplied: There are bundles in this cluster that are in ErrApplied state.

    OutOfSync: There are bundles in this cluster that are in OutOfSync state.

    Pending: There are bundles in this cluster that are in Pending state.

    Modified: There are bundles in this cluster that are in Modified state.

    Ready: Bundles in this cluster have been deployed and all resources are ready.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.5/cluster-group.html b/0.5/cluster-group.html index 5ce9461ba..c728aa235 100644 --- a/0.5/cluster-group.html +++ b/0.5/cluster-group.html @@ -4,7 +4,7 @@ Cluster Groups | Fleet - + @@ -13,8 +13,8 @@ The only parameter for a cluster group is essentially the selector. When you get to a certain scale cluster groups become a more reasonable way to manage your clusters. Cluster groups serve the purpose of giving aggregated -status of the deployments and then also a simpler way to manage targets.

    A cluster group is created by creating a ClusterGroup resource like below

    kind: ClusterGroup
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: production-group
      namespace: clusters
    spec:
      # This is the standard metav1.LabelSelector format to match clusters by labels
      selector:
        matchLabels:
          env: prod
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +status of the deployments and then also a simpler way to manage targets.

    A cluster group is created by creating a ClusterGroup resource like below

    kind: ClusterGroup
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: production-group
      namespace: clusters
    spec:
      # This is the standard metav1.LabelSelector format to match clusters by labels
      selector:
        matchLabels:
          env: prod
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.5/cluster-overview.html b/0.5/cluster-overview.html index 2c4e3dd24..061e7dee8 100644 --- a/0.5/cluster-overview.html +++ b/0.5/cluster-overview.html @@ -4,7 +4,7 @@ Overview | Fleet - + @@ -24,8 +24,8 @@ manager must be able to communicate with the downstream cluster API server for t After the cluster is registered there is no further need for the manager to contact the downstream cluster API. This style is more compatible if you wish to manage the creation of all your Kubernetes clusters through GitOps using something like cluster-api -or Rancher.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +or Rancher.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.5/cluster-tokens.html b/0.5/cluster-tokens.html index 1110c889d..553b32854 100644 --- a/0.5/cluster-tokens.html +++ b/0.5/cluster-tokens.html @@ -4,7 +4,7 @@ Cluster Registration Tokens | Fleet - + @@ -26,8 +26,8 @@ are used in Fleet refer to the documentation on namesp token with the below YAML.

    kind: ClusterRegistrationToken
    apiVersion: "fleet.cattle.io/v1alpha1"
    metadata:
        name: new-token
        namespace: clusters
    spec:
        # A duration string for how long this token is valid for. A value <= 0 or null means infinite time.
        ttl: 240h

    After the ClusterRegistrationToken is created, Fleet will create a corresponding Secret with the same name. As the Secret creation is performed asynchronously, you will need to wait until it's available before using it.

    One way to do so is via the following one-liner:

    while ! kubectl --namespace=clusters  get secret new-token; do sleep 5; done

    Obtaining Token Value (Agent values.yaml)​

    The token value contains YAML content for a values.yaml file that is expected to be passed to helm install to install the Fleet agent on a downstream cluster.

    Such value is contained in the values field of the Secret mentioned above. To obtain the YAML content for the -above example one can run the following one-liner:

    kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml

    Once the values.yaml is ready it can be used repeatedly by clusters to register until the TTL expires.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +above example one can run the following one-liner:

    kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml

    Once the values.yaml is ready it can be used repeatedly by clusters to register until the TTL expires.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.5/concepts.html b/0.5/concepts.html index 34809c9f9..f5f8f7f75 100644 --- a/0.5/concepts.html +++ b/0.5/concepts.html @@ -4,7 +4,7 @@ Core Concepts | Fleet - + @@ -24,8 +24,8 @@ Regardless of the source the contents are dynamically rendered into a Helm chart and installed into the downstream cluster as a helm release.

  • BundleDeployment: When a Bundle is deployed to a cluster an instance of a Bundle is called a BundleDeployment. A BundleDeployment represents the state of that Bundle on a specific cluster with its cluster specific customizations. The Fleet agent is only aware of BundleDeployment resources that are created for -the cluster the agent is managing.

    • For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click here.

  • Downstream Cluster: Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.

  • Cluster Registration Token: Tokens used by agents to register a new cluster.

    • Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +the cluster the agent is managing.

  • Downstream Cluster: Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.

  • Cluster Registration Token: Tokens used by agents to register a new cluster.

    • Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.5/examples.html b/0.5/examples.html index 43a7c9f9b..c90e0bcce 100644 --- a/0.5/examples.html +++ b/0.5/examples.html @@ -4,14 +4,14 @@ Examples | Fleet - +
    Skip to main content
    Version: 0.5

    Examples

    Lifecycle of a Fleet Bundle​

    To demonstrate the lifecycle of a Fleet bundle, we will use multi-cluster/helm as a case study.

    1. User will create a GitRepo that points to the multi-cluster/helm repository.
    2. The gitjob-controller will sync changes from the GitRepo and detect changes from the polling or webhook event. With every commit change, the gitjob-controller will create a job that clones the git repository, reads content from the repo such as fleet.yaml and other manifests, and creates the Fleet bundle.

    Note: The job pod with the image name rancher/tekton-utils will be under the same namespace as the GitRepo.

    1. The fleet-controller then syncs changes from the bundle. According to the targets, the fleet-controller will create BundleDeployment resources, which are a combination of a bundle and a target cluster.
    2. The fleet-agent will then pull the BundleDeployment from the Fleet controlplane. The agent deploys bundle manifests as a Helm chart from the BundleDeployment into the downstream clusters.
    3. The fleet-agent will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.

    Deploy Kubernetes Manifests Across Clusters with Customization​

    Fleet in Rancher allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration.

    To demonstrate how to deploy Kubernetes manifests across different clusters using Fleet, we will use multi-cluster/helm/fleet.yaml as a case study.

    Situation: User has three clusters with three different labels: env=dev, env=test, and env=prod. User wants to deploy a frontend application with a backend database across these clusters.

    Expected behavior:

    • After deploying to the dev cluster, database replication is not enabled.
    • After deploying to the test cluster, database replication is enabled.
    • After deploying to the prod cluster, database replication is enabled and Load balancer services are exposed.

    Advantage of Fleet:

    Instead of deploying the app on each cluster, Fleet allows you to deploy across all clusters following these steps:

    1. Deploy gitRepo https://github.com/rancher/fleet-examples.git and specify the path multi-cluster/helm.
    2. Under multi-cluster/helm, a Helm chart will deploy the frontend app service and backend database service.
    3. The following rule will be defined in fleet.yaml: 
    targetCustomizations:
    - name: dev
      helm:
        values:
          replication: false
      clusterSelector:
        matchLabels:
          env: dev

    - name: test
      helm:
        values:
          replicas: 3
      clusterSelector:
        matchLabels:
          env: test

    - name: prod
      helm:
        values:
          serviceType: LoadBalancer
          replicas: 3
      clusterSelector:
        matchLabels:
          env: prod

    Result:

    Fleet will deploy the Helm chart with your customized values.yaml to the different clusters.

    Note: Configuration management is not limited to deployments but can be expanded to general configuration management. Fleet is able to apply configuration management through customization among any set of clusters automatically.

    Additional Examples​

    Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations -of the three are in the Fleet Examples repo.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +of the three are in the Fleet Examples repo.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.5/gitrepo-add.html b/0.5/gitrepo-add.html index 33a9ad300..5e0d4012e 100644 --- a/0.5/gitrepo-add.html +++ b/0.5/gitrepo-add.html @@ -4,15 +4,15 @@ Adding a GitRepo | Fleet - +
    Skip to main content
    Version: 0.5

    Adding a GitRepo

    Proper namespace​

    Git repos are added to the Fleet manager using the GitRepo custom resource type. The GitRepo type is namespaced. By default, Rancher will create two Fleet workspaces: fleet-default and fleet-local.

    • Fleet-default will contain all the downstream clusters that are already registered through Rancher.
    • Fleet-local will contain the local cluster by default.

    Users can create new workspaces and move clusters across workspaces. An example of a special case might be including the local cluster in the GitRepo payload for config maps and secrets (no active deployments or payloads).

    danger

    While it's possible to move clusters out of either workspace, we recommend that you keep the local cluster in fleet-local.

    If you are using Fleet in a single cluster style, the namespace will always be fleet-local. Check here for more on the fleet-local namespace.

    For a multi-cluster style, please ensure you use the correct repo that will map to the right target clusters.

    Create GitRepo instance​

    Git repositories are register by creating a GitRepo following the below YAML sample. Refer to the inline comments as the means of each field

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      # Any name can be used here
      name: my-repo
      # For single cluster use fleet-local, otherwise use the namespace of
      # your choosing
      namespace: fleet-local
    spec:
      # This can be a HTTPS or git URL.  If you are using a git URL then
      # clientSecretName will probably need to be set to supply a credential.
      # repo is the only required parameter for a repo to be monitored.
      #
      repo: https://github.com/rancher/fleet-examples

      # Enforce all resources go to this target namespace. If a cluster scoped
      # resource is found the deployment will fail.
      #
      # targetNamespace: app1

      # Any branch can be watched, this field is optional. If not specified the
      # branch is assumed to be master
      #
      # branch: master

      # A specific commit or tag can also be watched.
      #
      # revision: v0.3.0

      # For a private registry you must supply a clientSecretName. A default
      # secret can be set at the namespace level using the GitRepoRestriction
      # type. Secrets must be of the type "kubernetes.io/ssh-auth" or
      # "kubernetes.io/basic-auth". The secret is assumed to be in the
      # same namespace as the GitRepo
      #
      # clientSecretName: my-ssh-key
      #
      # If fleet.yaml contains a private Helm repo that requires authentication,
      # provide the credentials in a K8s secret and specify them here.
      # Danger: the credentials will be sent to all repositories referenced from
      # this gitrepo. See section below for more information.
      #
      # helmSecretName: my-helm-secret
      #
      # To add additional ca-bundle for self-signed certs, caBundle can be
      # filled with base64 encoded pem data. For example:
      # `cat /path/to/ca.pem | base64 -w 0`
      #
      # caBundle: my-ca-bundle
      #
      # Disable SSL verification for git repo
      #
      # insecureSkipTLSVerify: true
      #
      # A git repo can read multiple paths in a repo at once.
      # The below field is expected to be an array of paths and
      # supports path globbing (ex: some/*/path)
      #
      # Example:
      # paths:
      # - single-path
      # - multiple-paths/*
      paths:
      - simple

      # PollingInterval configures how often fleet checks the git repo. The default
      # is 15 seconds.
      # Setting this to zero does not disable polling. It results in a 15s
      # interval, too.
      #
      # pollingInterval: 15

      # Paused  causes changes in Git to not be propagated down to the clusters but
      # instead mark resources as OutOfSync
      #
      # paused: false

      # Increment this number to force a redeployment of contents from Git
      #
      # forceSyncGeneration: 0

      # The service account that will be used to perform this deployment.
      # This is the name of the service account that exists in the
      # downstream cluster in the cattle-fleet-system namespace. It is assumed
      # this service account already exists so it should be create before
      # hand, most likely coming from another git repo registered with
      # the Fleet manager.
      #
      # serviceAccount: moreSecureAccountThanClusterAdmin

      # Target clusters to deploy to if running Fleet in a multi-cluster
      # style. Refer to the "Mapping to Downstream Clusters" docs for
      # more information.
      #
      # targets: ...

    Adding Private Git Repository​

    Fleet supports both http and ssh auth key for private repository. To use this you have to create a secret in the same namespace.

    For example, to generate a private ssh key

    ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"

    Note: The private key format has to be in EC PRIVATE KEY, RSA PRIVATE KEY or PRIVATE KEY and should not contain a passphase.

    Put your private key into secret, use the namespace the GitRepo is in:

    kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key  --type=kubernetes.io/ssh-auth
    caution

    Private key with passphrase is not supported.

    caution

    The key has to be in PEM format.

    Fleet supports putting known_hosts into ssh secret. Here is an example of how to add it:

    Fetch the public key hash(take github as an example)

    ssh-keyscan -H github.com

    And add it into secret:

    apiVersion: v1
    kind: Secret
    metadata:
      name: ssh-key
    type: kubernetes.io/ssh-auth
    stringData:
      ssh-privatekey: <private-key>
      known_hosts: |-
        |1|YJr1VZoi6dM0oE+zkM0do3Z04TQ=|7MclCn1fLROZG+BgR4m1r8TLwWc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
    danger

    If you don't add it any server's public key will be trusted and added. (ssh -o stricthostkeychecking=accept-new will be used)

    info

    If you are using openssh format for the private key and you are creating it in the UI, make sure a carriage return is appended in the end of the private key.

    Using HTTP Auth​

    Create a secret containing username and password. You can replace the password with a personal access token if necessary. Also see HTTP secrets in Github.

    kubectl create secret generic basic-auth-secret -n fleet-default --type=kubernetes.io/basic-auth --from-literal=username=$user --from-literal=password=$pat

    Just like with SSH, reference the secret in your GitRepo resource via clientSecretName.

    spec:
      repo: https://github.com/fleetrepoci/gitjob-private.git
      branch: main
      clientSecretName: basic-auth-secret

    Using Private Helm Repositories​

    danger

    The credentials will be used unconditionally for all Helm repositories referenced by the gitrepo resource. -Make sure you don't leak credentials by mixing public and private repositories. As a workaround, split them into different gitrepos.

    For a private Helm repo, users can reference a secret with the following keys:

    1. username and password for basic http auth if the Helm HTTP repo is behind basic auth.

    2. cacerts for custom CA bundle if the Helm repo is using a custom CA.

    3. ssh-privatekey for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently.

    For example, to add a secret in kubectl, run

    kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem

    After secret is created, specify the secret to gitRepo.spec.helmSecretName. Make sure secret is created under the same namespace with gitrepo.

    Troubleshooting

    See Fleet Troubleshooting section here.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +Make sure you don't leak credentials by mixing public and private repositories. As a workaround, split them into different gitrepos.

    For a private Helm repo, users can reference a secret with the following keys:

    1. username and password for basic http auth if the Helm HTTP repo is behind basic auth.

    2. cacerts for custom CA bundle if the Helm repo is using a custom CA.

    3. ssh-privatekey for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently.

    For example, to add a secret in kubectl, run

    kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem

    After secret is created, specify the secret to gitRepo.spec.helmSecretName. Make sure secret is created under the same namespace with gitrepo.

    Troubleshooting

    See Fleet Troubleshooting section here.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.5/gitrepo-structure.html b/0.5/gitrepo-structure.html index 1fff85c8a..1952b7210 100644 --- a/0.5/gitrepo-structure.html +++ b/0.5/gitrepo-structure.html @@ -4,7 +4,7 @@ Expected Repo Structure | Fleet - + @@ -43,8 +43,8 @@ the contents a file the convention of adding _patch. (notice the tr will be replaced with . from the file name and that will be used as the target. For example deployment_patch.yaml will target deployment.yaml. The patch will be applied using JSON Merge, Strategic Merge Patch, or JSON Patch. Which strategy is used is based on the file content. Even though JSON strategies are used, the files can be written -using YAML syntax.

    Cluster and Bundle state​

    See Cluster and Bundle state.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +using YAML syntax.

    Cluster and Bundle state​

    See Cluster and Bundle state.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.5/gitrepo-targets.html b/0.5/gitrepo-targets.html index 30bd437ae..e5d600c89 100644 --- a/0.5/gitrepo-targets.html +++ b/0.5/gitrepo-targets.html @@ -4,7 +4,7 @@ Mapping to Downstream Clusters | Fleet - + @@ -18,8 +18,8 @@ One can use cluster selectors, cluster group selectors, or an explicit cluster g the final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the default value it is dropped from the criteria. The default value is either null or "". It is important to realize that the value {} for a selector means "match everything."

    # Match everything
    clusterSelector: {}
    # Selector ignored
    clusterSelector: null

    Default target​

    If no target is set for the GitRepo then the default targets value is applied. The default targets value is as below.

    targets:
    - name: default
      clusterGroup: default

    This means if you wish to setup a default location non-configured GitRepos will go to, then just create a cluster group called default -and add clusters to it.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +and add clusters to it.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.5/imagescan.html b/0.5/imagescan.html index a9c5af014..d1c7d08ec 100644 --- a/0.5/imagescan.html +++ b/0.5/imagescan.html @@ -4,15 +4,15 @@ Image scan | Fleet - +
    Skip to main content
    Version: 0.5

    Image scan

    Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository, without the need to manually update your manifests.

    caution

    This feature is considered as experimental feature.

    Go to fleet.yaml and add the following section.

    imageScans:
    # specify the policy to retrieve images, can be semver or alphabetical order 
    - policy: 
        # if range is specified, it will take the latest image according to semver order in the range
        # for more details on how to use semver, see https://github.com/Masterminds/semver
        semver: 
          range: "*" 
        # can use ascending or descending order
        alphabetical:
          order: asc 

      # specify images to scan
      image: "your.registry.com/repo/image" 

      # Specify the tag name, it has to be unique in the same bundle
      tagName: test-scan

      # specify secret to pull image if in private registry
      secretRef:
        name: dockerhub-secret 

      # Specify the scan interval
      interval: 5m
    info

    You can create multiple image scans in fleet.yaml.

    Go to your manifest files and update the field that you want to replace. For example:

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: redis-slave
    spec:
      selector:
        matchLabels:
          app: redis
          role: slave
          tier: backend
      replicas: 2
      template:
        metadata:
          labels:
            app: redis
            role: slave
            tier: backend
        spec:
          containers:
          - name: slave
            image: <image>:<tag> # {"$imagescan": "test-scan"}
            resources:
              requests:
                cpu: 100m
                memory: 100Mi
            ports:
            - containerPort: 6379
    note

    There are multiple form of tagName you can reference. For example

    {"$imagescan": "test-scan"}: Use full image name(foo/bar:tag)

    {"$imagescan": "test-scan:name"}: Only use image name without tag(foo/bar)

    {"$imagescan": "test-scan:tag"}: Only use image tag

    {"$imagescan": "test-scan:digest"}: Use full image name with digest(foo/bar:tag@sha256...)

    Create a GitRepo that includes your fleet.yaml

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: my-repo
      namespace: fleet-local
    spec:
      # change this to be your own repo
      repo: https://github.com/rancher/fleet-examples 
      # define how long it will sync all the images and decide to apply change
      imageScanInterval: 5m 
      # user must properly provide a secret that have write access to git repository
      clientSecretName: secret 
      # specify the commit pattern
      imageScanCommit:
        authorName: foo
        authorEmail: foo@bar.com
        messageTemplate: "update image"

    Try pushing a new image tag, for example, <image>:<new-tag>. Wait for a while and there should be a new commit pushed into your git repository to change tag in deployment.yaml. -Once change is made into git repository, fleet will read through the change and deploy the change into your cluster.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +Once change is made into git repository, fleet will read through the change and deploy the change into your cluster.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.5/installation.html b/0.5/installation.html index e7e20efa9..3e29e90be 100644 --- a/0.5/installation.html +++ b/0.5/installation.html @@ -4,7 +4,7 @@ Installation | Fleet - + @@ -13,8 +13,8 @@ Multi-Cluster install. The single cluster install is for if you wish to use GitOps to manage a single cluster, in which case you do not need a centralized manager cluster. In the multi-cluster use case you will setup a centralized manager cluster to which you can register clusters.

    If you are just learning Fleet the single cluster install is the recommended starting -point. After which you can move from single cluster to multi-cluster setup down the line.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +point. After which you can move from single cluster to multi-cluster setup down the line.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.5/manager-initiated.html b/0.5/manager-initiated.html index 448d3dde8..140eac5e7 100644 --- a/0.5/manager-initiated.html +++ b/0.5/manager-initiated.html @@ -4,7 +4,7 @@ Manager Initiated | Fleet - + @@ -15,8 +15,8 @@ of the kubeconfig secret used in cluster-api. This means you can use cluster-api to create a cluster that is dynamically -registered with Fleet.

    Example​

    Kubeconfig Secret​

    kind: Secret
    apiVersion: v1
    metadata:
      name: my-cluster-kubeconfig
      namespace: clusters
    data:
      value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==

    Cluster​

    apiVersion: fleet.cattle.io/v1alpha1
    kind: Cluster
    metadata:
      name: my-cluster
      namespace: clusters
      labels:
        demo: "true"
        env: dev
    spec:
      kubeConfigSecret: my-cluster-kubeconfig
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +registered with Fleet.

    Example​

    Kubeconfig Secret​

    kind: Secret
    apiVersion: v1
    metadata:
      name: my-cluster-kubeconfig
      namespace: clusters
    data:
      value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==

    Cluster​

    apiVersion: fleet.cattle.io/v1alpha1
    kind: Cluster
    metadata:
      name: my-cluster
      namespace: clusters
      labels:
        demo: "true"
        env: dev
    spec:
      kubeConfigSecret: my-cluster-kubeconfig
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.5/multi-cluster-install.html b/0.5/multi-cluster-install.html index 752f8f988..87ee541d7 100644 --- a/0.5/multi-cluster-install.html +++ b/0.5/multi-cluster-install.html @@ -4,7 +4,7 @@ Multi Cluster Install | Fleet - + @@ -34,9 +34,9 @@ well known CA then omit the --cacert ${API_SERVER_CA} part of the c only because the curl command is not setting proper credentials, but this validates that the TLS connection work and the ca.pem is correct for this URL. If you get a SSL certificate problem then the ca.pem is not correct. The contents of the ${API_SERVER_CA} file should look similar to the below

    -----BEGIN CERTIFICATE-----
    MIIBVjCB/qADAgECAgEAMAoGCCqGSM49BAMCMCMxITAfBgNVBAMMGGszcy1zZXJ2
    ZXItY2FAMTU5ODM5MDQ0NzAeFw0yMDA4MjUyMTIwNDdaFw0zMDA4MjMyMTIwNDda
    MCMxITAfBgNVBAMMGGszcy1zZXJ2ZXItY2FAMTU5ODM5MDQ0NzBZMBMGByqGSM49
    AgEGCCqGSM49AwEHA0IABDXlQNkXnwUPdbSgGz5Rk6U9ldGFjF6y1YyF36cNGk4E
    0lMgNcVVD9gKuUSXEJk8tzHz3ra/+yTwSL5xQeLHBl+jIzAhMA4GA1UdDwEB/wQE
    AwICpDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIFMtZ5gGDoDs
    ciRyve+T4xbRNVHES39tjjup/LuN4tAgAiAteeB3jgpTMpZyZcOOHl9gpZ8PgEcN
    KDs/pb3fnMTtpA==
    -----END CERTIFICATE-----

    Once you have validated the API server URL and API server CA parameters, install the following two -Helm charts.

    First install the Fleet CustomResourcesDefintions.

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet-crd https://github.com/rancher/fleet/releases/download/v0.5.0/fleet-crd-0.5.0.tgz

    Second install the Fleet controllers.

    helm -n cattle-fleet-system install --create-namespace --wait \
        --set apiServerURL="${API_SERVER_URL}" \
        --set-file apiServerCA="${API_SERVER_CA}" \
        fleet https://github.com/rancher/fleet/releases/download/v0.5.0/fleet-0.5.0.tgz

    Fleet should be ready to use. You can check the status of the Fleet controller pods by running the below commands.

    kubectl -n cattle-fleet-system logs -l app=fleet-controller
    kubectl -n cattle-fleet-system get pods -l app=fleet-controller
    NAME                                READY   STATUS    RESTARTS   AGE
    fleet-controller-64f49d756b-n57wq   1/1     Running   0          3m21s

    At this point the Fleet manager should be ready. You can now register clusters and git repos with -the Fleet manager.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +Helm charts.

    First install the Fleet CustomResourcesDefintions.

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet-crd https://github.com/rancher/fleet/releases/download/v0.5.2/fleet-crd-0.5.2.tgz

    Second install the Fleet controllers.

    helm -n cattle-fleet-system install --create-namespace --wait \
        --set apiServerURL="${API_SERVER_URL}" \
        --set-file apiServerCA="${API_SERVER_CA}" \
        fleet https://github.com/rancher/fleet/releases/download/v0.5.2/fleet-0.5.2.tgz

    Fleet should be ready to use. You can check the status of the Fleet controller pods by running the below commands.

    kubectl -n cattle-fleet-system logs -l app=fleet-controller
    kubectl -n cattle-fleet-system get pods -l app=fleet-controller
    NAME                                READY   STATUS    RESTARTS   AGE
    fleet-controller-64f49d756b-n57wq   1/1     Running   0          3m21s

    At this point the Fleet manager should be ready. You can now register clusters and git repos with +the Fleet manager.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.5/namespaces.html b/0.5/namespaces.html index 15b9a2b94..df19f9100 100644 --- a/0.5/namespaces.html +++ b/0.5/namespaces.html @@ -4,7 +4,7 @@ Namespaces | Fleet - + @@ -35,8 +35,8 @@ be evaluated against all clusters in all namespaces that match namespaceSe bundles from git by putting labels in the fleet.yaml file or on the metadata.labels field on the GitRepo.

    Restricting GitRepos​

    A namespace can contain multiple GitRepoRestriction resources. All GitRepos created in that namespace will be checked against the list of restrictions. If a GitRepo violates one of the constraints its BundleDeployment will be -in an error state and won't be deployed.

    This can also be used to set the defaults for GitRepo's serviceAccount and clientSecretName fields.

    kind: GitRepoRestriction
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: restriction
      namespace: typically-unique
    allowedClientSecretNames: []
    allowedRepoPatterns: []
    allowedServiceAccounts: []
    defaultClientSecretName: ""
    defaultServiceAccount: ""
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +in an error state and won't be deployed.

    This can also be used to set the defaults for GitRepo's serviceAccount and clientSecretName fields.

    kind: GitRepoRestriction
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: restriction
      namespace: typically-unique
    allowedClientSecretNames: []
    allowedRepoPatterns: []
    allowedServiceAccounts: []
    defaultClientSecretName: ""
    defaultServiceAccount: ""
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.5/quickstart.html b/0.5/quickstart.html index 940aae22a..177b567b0 100644 --- a/0.5/quickstart.html +++ b/0.5/quickstart.html @@ -4,15 +4,15 @@ Quick Start | Fleet - +
    Skip to main content
    Version: 0.5

    Quick Start

    Who needs documentation, lets just run this thing!

    Install​

    Get helm if you don't have it. Helm 3 is just a CLI and won't do bad insecure -things to your cluster.

    brew install helm

    Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet-crd https://github.com/rancher/fleet/releases/download/v0.5.0/fleet-crd-0.5.0.tgz
    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet https://github.com/rancher/fleet/releases/download/v0.5.0/fleet-0.5.0.tgz

    Add a Git Repo to watch​

    Change spec.repo to your git repo of choice. Kubernetes manifest files that should -be deployed should be in /manifests in your repo.

    cat > example.yaml << "EOF"
    apiVersion: fleet.cattle.io/v1alpha1
    kind: GitRepo
    metadata:
      name: sample
      # This namespace is special and auto-wired to deploy to the local cluster
      namespace: fleet-local
    spec:
      # Everything from this repo will be ran in this cluster. You trust me right?
      repo: "https://github.com/rancher/fleet-examples"
      paths:
      - simple
    EOF

    kubectl apply -f example.yaml

    Get Status​

    Get status of what fleet is doing

    kubectl -n fleet-local get fleet

    You should see something like this get created in your cluster.

    kubectl get deploy frontend
    NAME       READY   UP-TO-DATE   AVAILABLE   AGE
    frontend   3/3     3            3           116m

    Enjoy and read the docs.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +things to your cluster.

    brew install helm

    Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet-crd https://github.com/rancher/fleet/releases/download/v0.5.2/fleet-crd-0.5.2.tgz
    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet https://github.com/rancher/fleet/releases/download/v0.5.2/fleet-0.5.2.tgz

    Add a Git Repo to watch​

    Change spec.repo to your git repo of choice. Kubernetes manifest files that should +be deployed should be in /manifests in your repo.

    cat > example.yaml << "EOF"
    apiVersion: fleet.cattle.io/v1alpha1
    kind: GitRepo
    metadata:
      name: sample
      # This namespace is special and auto-wired to deploy to the local cluster
      namespace: fleet-local
    spec:
      # Everything from this repo will be ran in this cluster. You trust me right?
      repo: "https://github.com/rancher/fleet-examples"
      paths:
      - simple
    EOF

    kubectl apply -f example.yaml

    Get Status​

    Get status of what fleet is doing

    kubectl -n fleet-local get fleet

    You should see something like this get created in your cluster.

    kubectl get deploy frontend
    NAME       READY   UP-TO-DATE   AVAILABLE   AGE
    frontend   3/3     3            3           116m

    Enjoy and read the docs.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.5/single-cluster-install.html b/0.5/single-cluster-install.html index 4c9139265..abea248a3 100644 --- a/0.5/single-cluster-install.html +++ b/0.5/single-cluster-install.html @@ -4,7 +4,7 @@ Single Cluster Install | Fleet - + @@ -17,9 +17,9 @@ use case for production.

    official install instructions. The TL;DR is

    macOS

    brew install helm

    Windows

    choco install kubernetes-helm

    Kubernetes​

    Fleet is a controller running on a Kubernetes cluster so an existing cluster is required. For the single cluster use case you will install Fleet to the cluster which you intend to manage with GitOps. -Any Kubernetes community supported version of Kubernetes will work, in practice this means 1.15 or greater.

    Install​

    Install the following two Helm charts.

    First install the Fleet CustomResourcesDefintions.

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet-crd https://github.com/rancher/fleet/releases/download/v0.5.0/fleet-crd-0.5.0.tgz

    Second install the Fleet controllers.

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet https://github.com/rancher/fleet/releases/download/v0.5.0/fleet-0.5.0.tgz

    Fleet should be ready to use now for single cluster. You can check the status of the Fleet controller pods by -running the below commands.

    kubectl -n cattle-fleet-system logs -l app=fleet-controller
    kubectl -n cattle-fleet-system get pods -l app=fleet-controller
    NAME                                READY   STATUS    RESTARTS   AGE
    fleet-controller-64f49d756b-n57wq   1/1     Running   0          3m21s

    You can now register some git repos in the fleet-local namespace to start deploying Kubernetes resources.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +Any Kubernetes community supported version of Kubernetes will work, in practice this means 1.15 or greater.

    Install​

    Install the following two Helm charts.

    First install the Fleet CustomResourcesDefintions.

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet-crd https://github.com/rancher/fleet/releases/download/v0.5.2/fleet-crd-0.5.2.tgz

    Second install the Fleet controllers.

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet https://github.com/rancher/fleet/releases/download/v0.5.2/fleet-0.5.2.tgz

    Fleet should be ready to use now for single cluster. You can check the status of the Fleet controller pods by +running the below commands.

    kubectl -n cattle-fleet-system logs -l app=fleet-controller
    kubectl -n cattle-fleet-system get pods -l app=fleet-controller
    NAME                                READY   STATUS    RESTARTS   AGE
    fleet-controller-64f49d756b-n57wq   1/1     Running   0          3m21s

    You can now register some git repos in the fleet-local namespace to start deploying Kubernetes resources.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.5/troubleshooting.html b/0.5/troubleshooting.html index 566484ac6..874dca5d7 100644 --- a/0.5/troubleshooting.html +++ b/0.5/troubleshooting.html @@ -4,14 +4,14 @@ Troubleshooting | Fleet - +
    Skip to main content
    Version: 0.5

    Troubleshooting

    This section contains commands and tips to troubleshoot Fleet.

    How Do I...​

    Fetch the log from fleet-controller?​

    In the local management cluster where the fleet-controller is deployed, run the following command with your specific fleet-controller pod name filled in:

    $ kubectl logs -l app=fleet-controller -n cattle-fleet-system

    Fetch the log from the fleet-agent?​

    Go to each downstream cluster and run the following command for the local cluster with your specific fleet-agent pod name filled in:

    # Downstream cluster
    $ kubectl logs -l app=fleet-agent -n cattle-fleet-system
    # Local cluster
    $ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system

    Fetch detailed error logs from GitRepos and Bundles?​

    Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:

    • For more information about the bundle, click on bundle, and the YAML mode will be enabled.
    • For more information about the GitRepo, click on GitRepo, then click on View Yaml in the upper right of the screen. After viewing the YAML, check status.conditions; a detailed error message should be displayed here.
    • Check the fleet-controller for synching errors.
    • Check the fleet-agent log in the downstream cluster if you encounter issues when deploying the bundle.

    Check a chart rendering error in Kustomize?​

    Check the fleet-controller logs and the fleet-agent logs.

    Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?​

    Check the gitjob-controller logs using the following command with your specific gitjob pod name filled in:

    $ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system

    Note that there are two containers inside the pod: the step-git-source container that clones the git repo, and the fleet container that applies bundles based on the git repo.

    The pods will usually have images named rancher/tekton-utils with the gitRepo name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific gitRepoName pod name and namespace:

    $ kubectl logs -f $gitRepoName-pod-name -n namespace

    Check the status of the fleet-controller?​

    You can check the status of the fleet-controller pods by running the commands below:

    kubectl -n cattle-fleet-system logs -l app=fleet-controller
    kubectl -n cattle-fleet-system get pods -l app=fleet-controller
    NAME                                READY   STATUS    RESTARTS   AGE
    fleet-controller-64f49d756b-n57wq   1/1     Running   0          3m21s

    Migrate the local cluster to the Fleet default cluster?​

    For users who want to deploy to the local cluster as well, they may move the cluster from fleet-local to fleet-default in the Rancher UI as follows:

    • To get to Fleet in Rancher, click ☰ > Continuous Delivery.
    • Under the Clusters menu, select the local cluster by checking the box to the left.
    • Select Assign to from the tabs above the cluster.
    • Select fleet-default from the Assign Cluster To dropdown.

    Result: The cluster will be migrated to fleet-default.

    Enable debug logging for fleet-controller and fleet-agent?​

    Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added.

    • Go to the Dashboard, then click on the local cluster in the left navigation menu
    • Select Apps & Marketplace, then Installed Apps from the dropdown
    • From there, you will upgrade the Fleet chart with the value debug=true. You can also set debugLevel=5 if desired.

    Additional Solutions for Other Fleet Issues​

    Naming conventions for CRDs​

    1. For CRD terms like clusters and gitrepos, you must reference the full CRD name. For example, the cluster CRD's complete name is cluster.fleet.cattle.io, and the gitrepo CRD's complete name is gitrepo.fleet.cattle.io.

    2. Bundles, which are created from the GitRepo, follow the pattern $gitrepoName-$path in the same workspace/namespace where the GitRepo was created. Note that $path is the path directory in the git repository that contains the bundle (fleet.yaml).

    3. BundleDeployments, which are created from the bundle, follow the pattern $bundleName-$clusterName in the namespace clusters-$workspace-$cluster-$generateHash. Note that $clusterName is the cluster to which the bundle will be deployed.

    HTTP secrets in Github​

    When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:

    1. Create a personal access token in Github.
    2. In Rancher, create an HTTP secret with your Github username.
    3. Use your token as the secret.

    Fleet fails with bad response code: 403​

    If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your fleet.yaml:

    time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"

    Perform the following steps to assess:

    • Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully
    • Check that your credentials for the git repo are valid

    Helm chart repo: certificate signed by unknown authority​

    If your GitJob returns the error below, you may have added the wrong certificate chain:

    time="2021-11-11T05:55:08Z" level=fatal msg="Get \"https://helm.intra/virtual-helm/index.yaml\": x509: certificate signed by unknown authority"

    Please verify your certificate with the following command:

    context=playground-local
    kubectl get secret -n fleet-default helm-repo -o jsonpath="{['data']['cacerts']}" --context $context | base64 -d | openssl x509 -text -noout
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71
            Signature Algorithm: sha512WithRSAEncryption
            Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3
    ...

    Fleet deployment stuck in modified state​

    When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.

    To ignore the modified flag for the differences between the Helm install generated by fleet.yaml and the resource in your cluster, add a diff.comparePatches to the fleet.yaml for your Deployment, as shown in this example:

    defaultNamespace: <namespace name> 
    helm:  
      releaseName: <release name>  
      repo: <repo name> 
      chart: <chart name>
    diff:  
      comparePatches:  
      - apiVersion: apps/v1
        kind: Deployment
        operations:
        - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}
        - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}
        jsonPointers: # jsonPointers allows to ignore diffs at certain json path
        - "/spec/template/spec/priorityClassName"
        - "/spec/template/spec/tolerations"

    To determine which operations should be removed, observe the logs from fleet-agent on the target cluster. You should see entries similar to the following:

    level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\"spec\":{\"template\":{\"spec\":{\"hostNetwork\":false}}}}"

    Based on the above log, you can add the following entry to remove the operation:

    {"op":"remove", "path":"/spec/template/spec/hostNetwork"}

    GitRepo or Bundle stuck in modified state​

    Modified means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository.

    1. Check the bundle diffs documentation for more information.

    2. You can also force update the gitrepo to perform a manual resync. Select GitRepo on the left navigation bar, then select Force Update.

    Bundle has a Horizontal Pod Autoscaler (HPA) in modified state​

    For bundles with an HPA, the expected state is Modified, as the bundle contains fields that differ from the state of the Bundle at deployment - usually ReplicaSet.

    You must define a patch in the fleet.yaml to ignore this field according to GitRepo or Bundle stuck in modified state.

    Here is an example of such a patch for the deployment nginx in namespace default:

    diff:
      comparePatches:
      - apiVersion: apps/v1
        kind: Deployment
        name: nginx
        namespace: default
        operations:
        - {"op": "remove", "path": "/spec/replicas"}

    What if the cluster is unavailable, or is in a WaitCheckIn state?​

    You will need to re-import and restart the registration process: Select Cluster on the left navigation bar, then select Force Update

    caution

    WaitCheckIn status for Rancher v2.5: -The cluster will show in WaitCheckIn status because the fleet-controller is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the Rancher docs.

    GitRepo complains with gzip: invalid header​

    When you see an error like the one below ...

    Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header

    ... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +The cluster will show in WaitCheckIn status because the fleet-controller is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the Rancher docs.

    GitRepo complains with gzip: invalid header​

    When you see an error like the one below ...

    Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header

    ... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.5/uninstall.html b/0.5/uninstall.html index 52bfd43ee..a31cb20e0 100644 --- a/0.5/uninstall.html +++ b/0.5/uninstall.html @@ -4,15 +4,15 @@ Uninstall | Fleet - +
    Skip to main content
    Version: 0.5

    Uninstall

    Fleet is packaged as two Helm charts so uninstall is accomplished by uninstalling the appropriate Helm charts. To uninstall Fleet run the following -two commands:

    helm -n cattle-fleet-system uninstall fleet
    helm -n cattle-fleet-system uninstall fleet-crd
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +two commands:

    helm -n cattle-fleet-system uninstall fleet
    helm -n cattle-fleet-system uninstall fleet-crd
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/0.5/webhook.html b/0.5/webhook.html index b571cf412..d92dbbff8 100644 --- a/0.5/webhook.html +++ b/0.5/webhook.html @@ -4,7 +4,7 @@ Webhook | Fleet - + @@ -12,8 +12,8 @@
    Skip to main content
    Version: 0.5

    Webhook

    By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github, GitLab, Bitbucket, Bitbucket Server and Gogs.

    1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service.​

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: webhook-ingress
      namespace: cattle-fleet-system
    spec:
      rules:
      - host: your.domain.com
        http:
          paths:
            - path: /
              pathType: Prefix
              backend:
                service:
                  name: gitjob
                  port:
                    number: 80
    info

    You can configure TLS on ingress.

    2. Go to your webhook provider and configure the webhook callback url. Here is a Github example.​

    Configuring a secret is optional. This is used to validate the webhook payload as the payload should not be trusted by default. If your webhook server is publicly accessible to the Internet, then it is recommended to configure the secret. If you do configure the -secret, follow step 3.

    note

    only application/json is supported due to the limitation of webhook library.

    caution

    If you configured the webhook the polling interval will be automatically adjusted to 1 hour.

    3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.​

    ProviderK8s Secret Key
    GitHubgithub
    GitLabgitlab
    BitBucketbitbucket
    BitBucketServerbitbucket-server
    Gogsgogs

    For example, to create a secret containing a GitHub secret to validate the webhook payload, run:

    kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue

    4. Go to your git provider and test the connection. You should get a HTTP response code.​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +secret, follow step 3.

    note

    only application/json is supported due to the limitation of webhook library.

    caution

    If you configured the webhook the polling interval will be automatically adjusted to 1 hour.

    3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.​

    ProviderK8s Secret Key
    GitHubgithub
    GitLabgitlab
    BitBucketbitbucket
    BitBucketServerbitbucket-server
    Gogsgogs

    For example, to create a secret containing a GitHub secret to validate the webhook payload, run:

    kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue

    4. Go to your git provider and test the connection. You should get a HTTP response code.​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/404.html b/404.html index 8f474bfcf..2589d0755 100644 --- a/404.html +++ b/404.html @@ -4,13 +4,13 @@ Page Not Found | Fleet - +
    Skip to main content

    Page Not Found

    We could not find what you were looking for.

    Please contact the owner of the site that linked you to the original URL and let them know their link is broken.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - + \ No newline at end of file diff --git a/advanced-users.html b/advanced-users.html index c61e0db90..c3c2c85fb 100644 --- a/advanced-users.html +++ b/advanced-users.html @@ -4,13 +4,13 @@ Advanced Users | Fleet - +
    -
    Skip to main content
    Version: Next 🚧

    Advanced Users

    Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases.

    The following are examples of advanced use cases:

    Please refer to the installation and the uninstall documentation for additional information.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Skip to main content
    Version: Next 🚧

    Advanced Users

    Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases.

    The following are examples of advanced use cases:

    Please refer to the installation and the uninstall documentation for additional information.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/agent-initiated.html b/agent-initiated.html index 78fda2d1e..1bc72b7a6 100644 --- a/agent-initiated.html +++ b/agent-initiated.html @@ -4,7 +4,7 @@ Agent Initiated | Fleet - + @@ -24,7 +24,7 @@ by looking up the default ServiceAccount secret name (typically prefixed with ca.crt     key.

    caution

    Use proper namespace and release name: For the agent chart the namespace must be cattle-fleet-system and the release name fleet-agent

    danger

    Ensure you are installing to the right cluster: Helm will use the default context in ${HOME}/.kube/config to deploy the agent. Use --kubeconfig and --kube-context -to change which cluster Helm is installing to.

    Finally, install the agent using Helm.

    helm -n cattle-fleet-system install --create-namespace --wait \
        $CLUSTER_LABELS \
        --values values.yaml \
        --set apiServerCA="$API_SERVER_CA_DATA" \
        --set apiServerURL="$API_SERVER_URL" \
        fleet-agent https://github.com/rancher/fleet/releases/download/v0.6.0-alpha2/fleet-agent-0.6.0-alpha2.tgz

    The agent should now be deployed. You can check that status of the fleet pods by running the below commands.

    # Ensure kubectl is pointing to the right cluster
    kubectl -n cattle-fleet-system logs -l app=fleet-agent
    kubectl -n cattle-fleet-system get pods -l app=fleet-agent

    Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster +to change which cluster Helm is installing to.

    Finally, install the agent using Helm.

    helm -n cattle-fleet-system install --create-namespace --wait \
        $CLUSTER_LABELS \
        --values values.yaml \
        --set apiServerCA="$API_SERVER_CA_DATA" \
        --set apiServerURL="$API_SERVER_URL" \
        fleet-agent https://github.com/rancher/fleet/releases/download/v0.6.0-rc.4/fleet-agent-0.6.0-rc.4.tgz

    The agent should now be deployed. You can check that status of the fleet pods by running the below commands.

    # Ensure kubectl is pointing to the right cluster
    kubectl -n cattle-fleet-system logs -l app=fleet-agent
    kubectl -n cattle-fleet-system get pods -l app=fleet-agent

    Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster was registered in the clusters namespace. Please ensure your ${HOME}/.kube/config is pointed to the Fleet manager to run this command.

    kubectl -n clusters get clusters.fleet.cattle.io
    NAME                   BUNDLES-READY   NODES-READY   SAMPLE-NODE             LAST-SEEN              STATUS
    cluster-ab13e54400f1   1/1             1/1           k3d-cluster2-server-0   2020-08-31T19:23:10Z

    Install agent for a predefined Cluster​

    Client IDs are for the purpose of predefining clusters in the Fleet manager with existing labels and repos targeted to them. A client ID is not required and is just one approach to managing clusters. @@ -37,10 +37,10 @@ client ID.

    The Fleet agent is installed as a Helm chart. The only paramete is represented by the values.yaml file and the client ID. The client ID is optional.

    First, create a Cluster in the Fleet Manager with the random client ID you have chosen.

    kind: Cluster
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: my-cluster
      namespace: clusters
    spec:
      clientID: "really-random"

    Second, follow the cluster registration token page to obtain the values.yaml file to be used.

    Third, setup your environment to use the client ID.

    CLUSTER_CLIENT_ID="really-random"
    note

    Use proper namespace and release name: For the agent chart the namespace must be cattle-fleet-system and the release name fleet-agent

    note

    Ensure you are installing to the right cluster: Helm will use the default context in ${HOME}/.kube/config to deploy the agent. Use --kubeconfig and --kube-context -to change which cluster Helm is installing to.

    Finally, install the agent using Helm.

    helm -n cattle-fleet-system install --create-namespace --wait \
        --set clientID="$CLUSTER_CLIENT_ID" \
        --values values.yaml \
        fleet-agent https://github.com/rancher/fleet/releases/download/v0.6.0-alpha2/fleet-agent-0.6.0-alpha2.tgz

    The agent should now be deployed. You can check that status of the fleet pods by running the below commands.

    # Ensure kubectl is pointing to the right cluster
    kubectl -n cattle-fleet-system logs -l app=fleet-agent
    kubectl -n cattle-fleet-system get pods -l app=fleet-agent

    Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster +to change which cluster Helm is installing to.

    Finally, install the agent using Helm.

    helm -n cattle-fleet-system install --create-namespace --wait \
        --set clientID="$CLUSTER_CLIENT_ID" \
        --values values.yaml \
        fleet-agent https://github.com/rancher/fleet/releases/download/v0.6.0-rc.4/fleet-agent-0.6.0-rc.4.tgz

    The agent should now be deployed. You can check that status of the fleet pods by running the below commands.

    # Ensure kubectl is pointing to the right cluster
    kubectl -n cattle-fleet-system logs -l app=fleet-agent
    kubectl -n cattle-fleet-system get pods -l app=fleet-agent

    Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster was registered in the clusters namespace. Please ensure your ${HOME}/.kube/config is pointed to the Fleet -manager to run this command.

    kubectl -n clusters get clusters.fleet.cattle.io
    NAME                   BUNDLES-READY   NODES-READY   SAMPLE-NODE             LAST-SEEN              STATUS
    my-cluster             1/1             1/1           k3d-cluster2-server-0   2020-08-31T19:23:10Z
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +manager to run this command.

    kubectl -n clusters get clusters.fleet.cattle.io
    NAME                   BUNDLES-READY   NODES-READY   SAMPLE-NODE             LAST-SEEN              STATUS
    my-cluster             1/1             1/1           k3d-cluster2-server-0   2020-08-31T19:23:10Z
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/architecture.html b/architecture.html index b84f1c9dd..043687696 100644 --- a/architecture.html +++ b/architecture.html @@ -4,7 +4,7 @@ Architecture | Fleet - + @@ -28,8 +28,8 @@ The cluster registration token is used only during the registration process to g to that cluster. After the cluster credential is established the cluster "forgets" the cluster registration token.

    The service accounts given to the clusters only have privileges to list BundleDeployment in the namespace created specifically for that cluster. It can also update the status subresource of BundleDeployment and the status -subresource of it's Cluster resource.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +subresource of it's Cluster resource.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/assets/js/01b4035b.a901e160.js b/assets/js/01b4035b.1d4437bb.js similarity index 99% rename from assets/js/01b4035b.a901e160.js rename to assets/js/01b4035b.1d4437bb.js index 1f38accd5..823cae79f 100644 --- a/assets/js/01b4035b.a901e160.js +++ b/assets/js/01b4035b.1d4437bb.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8002],{3905:(e,t,a)=>{a.d(t,{Zo:()=>c,kt:()=>u});var n=a(7294);function s(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function l(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function r(e){for(var t=1;t=0||(s[a]=e[a]);return s}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(s[a]=e[a])}return s}var o=n.createContext({}),p=function(e){var t=n.useContext(o),a=t;return e&&(a="function"==typeof e?e(t):r(r({},t),e)),a},c=function(e){var t=p(e.components);return n.createElement(o.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var a=e.components,s=e.mdxType,l=e.originalType,o=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),d=p(a),u=s,h=d["".concat(o,".").concat(u)]||d[u]||m[u]||l;return a?n.createElement(h,r(r({ref:t},c),{},{components:a})):n.createElement(h,r({ref:t},c))}));function u(e,t){var a=arguments,s=t&&t.mdxType;if("string"==typeof e||s){var l=a.length,r=new Array(l);r[0]=d;var i={};for(var o in t)hasOwnProperty.call(t,o)&&(i[o]=t[o]);i.originalType=e,i.mdxType="string"==typeof e?e:s,r[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>o,contentTitle:()=>r,default:()=>m,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var n=a(7462),s=(a(7294),a(3905));const l={},r="Namespaces",i={unversionedId:"namespaces",id:"namespaces",title:"Namespaces",description:"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces",source:"@site/docs/namespaces.md",sourceDirName:".",slug:"/namespaces",permalink:"/namespaces",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/namespaces.md",tags:[],version:"current",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster Groups",permalink:"/cluster-group"},next:{title:"Multi Tenancy",permalink:"/multi-tenancy"}},o={},p=[{value:"GitRepos, Bundles, Clusters, ClusterGroups",id:"gitrepos-bundles-clusters-clustergroups",level:2},{value:"Namespace Creation Behavior in Bundles",id:"namespace-creation-behavior-in-bundles",level:2},{value:"Special Namespaces",id:"special-namespaces",level:2},{value:"fleet-local (local workspace, cluster registration namespace)",id:"fleet-local-local-workspace-cluster-registration-namespace",level:3},{value:"cattle-fleet-system (system namespace)",id:"cattle-fleet-system-system-namespace",level:3},{value:"cattle-fleet-clusters-system (system registration namespace)",id:"cattle-fleet-clusters-system-system-registration-namespace",level:3},{value:"Cluster namespaces",id:"cluster-namespaces",level:3},{value:"Cross namespace deployments",id:"cross-namespace-deployments",level:2},{value:"Restricting GitRepos",id:"restricting-gitrepos",level:2},{value:"AllowedTargetNamespaces",id:"allowedtargetnamespaces",level:3}],c={toc:p};function m(e){let{components:t,...a}=e;return(0,s.kt)("wrapper",(0,n.Z)({},c,a,{components:t,mdxType:"MDXLayout"}),(0,s.kt)("h1",{id:"namespaces"},"Namespaces"),(0,s.kt)("p",null,"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces\nof the deployed resources in the downstream cluster. Understanding how namespaces are use in the Fleet manager is\nimportant to understand the security model and how one can use Fleet in a multi-tenant fashion."),(0,s.kt)("h2",{id:"gitrepos-bundles-clusters-clustergroups"},"GitRepos, Bundles, Clusters, ClusterGroups"),(0,s.kt)("p",null,"The primary types are all scoped to a namespace. All selectors for ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," targets will be evaluated against\nthe ",(0,s.kt)("inlineCode",{parentName:"p"},"Clusters")," and ",(0,s.kt)("inlineCode",{parentName:"p"},"ClusterGroups")," in the same namespaces. This means that if you give ",(0,s.kt)("inlineCode",{parentName:"p"},"create")," or ",(0,s.kt)("inlineCode",{parentName:"p"},"update")," privileges\nto a the ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," type in a namespace, that end user can modify the selector to match any cluster in that namespace.\nThis means in practice if you want to have two teams self manage their own ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," registrations but they should\nnot be able to target each others clusters, they should be in different namespaces."),(0,s.kt)("h2",{id:"namespace-creation-behavior-in-bundles"},"Namespace Creation Behavior in Bundles"),(0,s.kt)("p",null,"When deploying a Fleet bundle, the specified namespace will automatically be created if it does not already exist."),(0,s.kt)("h2",{id:"special-namespaces"},"Special Namespaces"),(0,s.kt)("h3",{id:"fleet-local-local-workspace-cluster-registration-namespace"},"fleet-local (local workspace, cluster registration namespace)"),(0,s.kt)("p",null,"The ",(0,s.kt)("strong",{parentName:"p"},"fleet-local")," namespace is a special namespace used for the single cluster use case or to bootstrap\nthe configuration of the Fleet manager."),(0,s.kt)("p",null,"When fleet is installed the ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace is created along with one ",(0,s.kt)("inlineCode",{parentName:"p"},"Cluster")," called ",(0,s.kt)("inlineCode",{parentName:"p"},"local")," and one\n",(0,s.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," called ",(0,s.kt)("inlineCode",{parentName:"p"},"default"),". If no targets are specified on a ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo"),", it is by default targeted to the\n",(0,s.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," named ",(0,s.kt)("inlineCode",{parentName:"p"},"default"),". This means that all ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," created in ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local")," will\nautomatically target the ",(0,s.kt)("inlineCode",{parentName:"p"},"local")," ",(0,s.kt)("inlineCode",{parentName:"p"},"Cluster"),". The ",(0,s.kt)("inlineCode",{parentName:"p"},"local")," ",(0,s.kt)("inlineCode",{parentName:"p"},"Cluster")," refers to the cluster the Fleet manager is running\non."),(0,s.kt)("p",null,(0,s.kt)("strong",{parentName:"p"},"Note:")," If you would like to migrate your cluster from ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local")," to ",(0,s.kt)("inlineCode",{parentName:"p"},"default"),", please see this ",(0,s.kt)("a",{parentName:"p",href:"/troubleshooting#migrate-the-local-cluster-to-the-fleet-default-cluster"},"documentation"),"."),(0,s.kt)("h3",{id:"cattle-fleet-system-system-namespace"},"cattle-fleet-system (system namespace)"),(0,s.kt)("p",null,"The Fleet controller and Fleet agent run in this namespace. All service accounts referenced by ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," are expected\nto live in this namespace in the downstream cluster."),(0,s.kt)("h3",{id:"cattle-fleet-clusters-system-system-registration-namespace"},"cattle-fleet-clusters-system (system registration namespace)"),(0,s.kt)("p",null,"This namespace holds secrets for the cluster registration process. It should contain no other resources in it,\nespecially secrets."),(0,s.kt)("h3",{id:"cluster-namespaces"},"Cluster namespaces"),(0,s.kt)("p",null,"For every cluster that is registered a namespace is created by the Fleet manager for that cluster.\nThese namespaces are named in the form ",(0,s.kt)("inlineCode",{parentName:"p"},"cluster-${namespace}-${cluster}-${random}"),". The purpose of this\nnamespace is that all ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," for that cluster are put into this namespace and\nthen the downstream cluster is given access to watch and update ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," in that namespace only."),(0,s.kt)("h2",{id:"cross-namespace-deployments"},"Cross namespace deployments"),(0,s.kt)("p",null,"It is possible to create a GitRepo that will deploy across namespaces. The primary purpose of this is so that a\ncentral privileged team can manage common configuration for many clusters that are managed by different teams. The way\nthis is accomplished is by creating a ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource in a cluster."),(0,s.kt)("p",null,"If you are creating a ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource it is best to do it in a namespace that only contains ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\nand no ",(0,s.kt)("inlineCode",{parentName:"p"},"Clusters"),". It seems to get confusing if you have Clusters in the same repo as the cross namespace ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," will still\nalways be evaluated against the current namespace. So if you have clusters in the same namespace you may wish to make them\ncanary clusters."),(0,s.kt)("p",null,"A ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," has only two fields. Which are as below"),(0,s.kt)("pre",null,(0,s.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: not-important\n namespace: typically-unique\n\n# Bundles to match by label. The labels are defined in the fleet.yaml\n# labels field or from the GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n foo: bar\n\n# Namespaces to match by label\nnamespaceSelector:\n matchLabels:\n foo: bar\n")),(0,s.kt)("p",null,"If the ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," ",(0,s.kt)("inlineCode",{parentName:"p"},"bundleSelector")," field matches a ",(0,s.kt)("inlineCode",{parentName:"p"},"Bundles")," labels then that ",(0,s.kt)("inlineCode",{parentName:"p"},"Bundle")," target criteria will\nbe evaluated against all clusters in all namespaces that match ",(0,s.kt)("inlineCode",{parentName:"p"},"namespaceSelector"),". One can specify labels for the created\nbundles from git by putting labels in the ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file or on the ",(0,s.kt)("inlineCode",{parentName:"p"},"metadata.labels")," field on the ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo"),"."),(0,s.kt)("h2",{id:"restricting-gitrepos"},"Restricting GitRepos"),(0,s.kt)("p",null,"A namespace can contain multiple ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," resources. All ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\ncreated in that namespace will be checked against the list of restrictions.\nIf a ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," violates one of the constraints its ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," will be\nin an error state and won't be deployed."),(0,s.kt)("p",null,"This can also be used to set the defaults for GitRepo's ",(0,s.kt)("inlineCode",{parentName:"p"},"serviceAccount")," and ",(0,s.kt)("inlineCode",{parentName:"p"},"clientSecretName")," fields."),(0,s.kt)("pre",null,(0,s.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: typically-unique\nallowedClientSecretNames: []\nallowedRepoPatterns: []\nallowedServiceAccounts: []\nallowedTargetNamespaces: []\ndefaultClientSecretName: ""\ndefaultServiceAccount: ""\n')),(0,s.kt)("h3",{id:"allowedtargetnamespaces"},"AllowedTargetNamespaces"),(0,s.kt)("p",null,"This can be used to limit a deployment to a set of namespaces on a downstream cluster.\nIf an allowedTargetNamespaces restriction is present, all ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," must\nspecify a ",(0,s.kt)("inlineCode",{parentName:"p"},"targetNamespace")," and the specified namespace must be in the allow\nlist.\nThis also prevents the creation of cluster wide resources."))}m.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8002],{3905:(e,t,a)=>{a.d(t,{Zo:()=>c,kt:()=>u});var n=a(7294);function s(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function l(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function r(e){for(var t=1;t=0||(s[a]=e[a]);return s}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(s[a]=e[a])}return s}var o=n.createContext({}),p=function(e){var t=n.useContext(o),a=t;return e&&(a="function"==typeof e?e(t):r(r({},t),e)),a},c=function(e){var t=p(e.components);return n.createElement(o.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var a=e.components,s=e.mdxType,l=e.originalType,o=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),d=p(a),u=s,h=d["".concat(o,".").concat(u)]||d[u]||m[u]||l;return a?n.createElement(h,r(r({ref:t},c),{},{components:a})):n.createElement(h,r({ref:t},c))}));function u(e,t){var a=arguments,s=t&&t.mdxType;if("string"==typeof e||s){var l=a.length,r=new Array(l);r[0]=d;var i={};for(var o in t)hasOwnProperty.call(t,o)&&(i[o]=t[o]);i.originalType=e,i.mdxType="string"==typeof e?e:s,r[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>o,contentTitle:()=>r,default:()=>m,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var n=a(7462),s=(a(7294),a(3905));const l={},r="Namespaces",i={unversionedId:"namespaces",id:"namespaces",title:"Namespaces",description:"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces",source:"@site/docs/namespaces.md",sourceDirName:".",slug:"/namespaces",permalink:"/namespaces",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/namespaces.md",tags:[],version:"current",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster Groups",permalink:"/cluster-group"},next:{title:"Multi Tenancy",permalink:"/multi-tenancy"}},o={},p=[{value:"GitRepos, Bundles, Clusters, ClusterGroups",id:"gitrepos-bundles-clusters-clustergroups",level:2},{value:"Namespace Creation Behavior in Bundles",id:"namespace-creation-behavior-in-bundles",level:2},{value:"Special Namespaces",id:"special-namespaces",level:2},{value:"fleet-local (local workspace, cluster registration namespace)",id:"fleet-local-local-workspace-cluster-registration-namespace",level:3},{value:"cattle-fleet-system (system namespace)",id:"cattle-fleet-system-system-namespace",level:3},{value:"cattle-fleet-clusters-system (system registration namespace)",id:"cattle-fleet-clusters-system-system-registration-namespace",level:3},{value:"Cluster namespaces",id:"cluster-namespaces",level:3},{value:"Cross namespace deployments",id:"cross-namespace-deployments",level:2},{value:"Restricting GitRepos",id:"restricting-gitrepos",level:2},{value:"AllowedTargetNamespaces",id:"allowedtargetnamespaces",level:3}],c={toc:p};function m(e){let{components:t,...a}=e;return(0,s.kt)("wrapper",(0,n.Z)({},c,a,{components:t,mdxType:"MDXLayout"}),(0,s.kt)("h1",{id:"namespaces"},"Namespaces"),(0,s.kt)("p",null,"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces\nof the deployed resources in the downstream cluster. Understanding how namespaces are use in the Fleet manager is\nimportant to understand the security model and how one can use Fleet in a multi-tenant fashion."),(0,s.kt)("h2",{id:"gitrepos-bundles-clusters-clustergroups"},"GitRepos, Bundles, Clusters, ClusterGroups"),(0,s.kt)("p",null,"The primary types are all scoped to a namespace. All selectors for ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," targets will be evaluated against\nthe ",(0,s.kt)("inlineCode",{parentName:"p"},"Clusters")," and ",(0,s.kt)("inlineCode",{parentName:"p"},"ClusterGroups")," in the same namespaces. This means that if you give ",(0,s.kt)("inlineCode",{parentName:"p"},"create")," or ",(0,s.kt)("inlineCode",{parentName:"p"},"update")," privileges\nto a the ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," type in a namespace, that end user can modify the selector to match any cluster in that namespace.\nThis means in practice if you want to have two teams self manage their own ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," registrations but they should\nnot be able to target each others clusters, they should be in different namespaces."),(0,s.kt)("h2",{id:"namespace-creation-behavior-in-bundles"},"Namespace Creation Behavior in Bundles"),(0,s.kt)("p",null,"When deploying a Fleet bundle, the specified namespace will automatically be created if it does not already exist."),(0,s.kt)("h2",{id:"special-namespaces"},"Special Namespaces"),(0,s.kt)("h3",{id:"fleet-local-local-workspace-cluster-registration-namespace"},"fleet-local (local workspace, cluster registration namespace)"),(0,s.kt)("p",null,"The ",(0,s.kt)("strong",{parentName:"p"},"fleet-local")," namespace is a special namespace used for the single cluster use case or to bootstrap\nthe configuration of the Fleet manager."),(0,s.kt)("p",null,"When fleet is installed the ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace is created along with one ",(0,s.kt)("inlineCode",{parentName:"p"},"Cluster")," called ",(0,s.kt)("inlineCode",{parentName:"p"},"local")," and one\n",(0,s.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," called ",(0,s.kt)("inlineCode",{parentName:"p"},"default"),". If no targets are specified on a ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo"),", it is by default targeted to the\n",(0,s.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," named ",(0,s.kt)("inlineCode",{parentName:"p"},"default"),". This means that all ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," created in ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local")," will\nautomatically target the ",(0,s.kt)("inlineCode",{parentName:"p"},"local")," ",(0,s.kt)("inlineCode",{parentName:"p"},"Cluster"),". The ",(0,s.kt)("inlineCode",{parentName:"p"},"local")," ",(0,s.kt)("inlineCode",{parentName:"p"},"Cluster")," refers to the cluster the Fleet manager is running\non."),(0,s.kt)("p",null,(0,s.kt)("strong",{parentName:"p"},"Note:")," If you would like to migrate your cluster from ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local")," to ",(0,s.kt)("inlineCode",{parentName:"p"},"default"),", please see this ",(0,s.kt)("a",{parentName:"p",href:"/troubleshooting#migrate-the-local-cluster-to-the-fleet-default-cluster"},"documentation"),"."),(0,s.kt)("h3",{id:"cattle-fleet-system-system-namespace"},"cattle-fleet-system (system namespace)"),(0,s.kt)("p",null,"The Fleet controller and Fleet agent run in this namespace. All service accounts referenced by ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," are expected\nto live in this namespace in the downstream cluster."),(0,s.kt)("h3",{id:"cattle-fleet-clusters-system-system-registration-namespace"},"cattle-fleet-clusters-system (system registration namespace)"),(0,s.kt)("p",null,"This namespace holds secrets for the cluster registration process. It should contain no other resources in it,\nespecially secrets."),(0,s.kt)("h3",{id:"cluster-namespaces"},"Cluster namespaces"),(0,s.kt)("p",null,"For every cluster that is registered a namespace is created by the Fleet manager for that cluster.\nThese namespaces are named in the form ",(0,s.kt)("inlineCode",{parentName:"p"},"cluster-${namespace}-${cluster}-${random}"),". The purpose of this\nnamespace is that all ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," for that cluster are put into this namespace and\nthen the downstream cluster is given access to watch and update ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," in that namespace only."),(0,s.kt)("h2",{id:"cross-namespace-deployments"},"Cross namespace deployments"),(0,s.kt)("p",null,"It is possible to create a GitRepo that will deploy across namespaces. The primary purpose of this is so that a\ncentral privileged team can manage common configuration for many clusters that are managed by different teams. The way\nthis is accomplished is by creating a ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource in a cluster."),(0,s.kt)("p",null,"If you are creating a ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource it is best to do it in a namespace that only contains ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\nand no ",(0,s.kt)("inlineCode",{parentName:"p"},"Clusters"),". It seems to get confusing if you have Clusters in the same repo as the cross namespace ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," will still\nalways be evaluated against the current namespace. So if you have clusters in the same namespace you may wish to make them\ncanary clusters."),(0,s.kt)("p",null,"A ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," has only two fields. Which are as below"),(0,s.kt)("pre",null,(0,s.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: not-important\n namespace: typically-unique\n\n# Bundles to match by label. The labels are defined in the fleet.yaml\n# labels field or from the GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n foo: bar\n\n# Namespaces to match by label\nnamespaceSelector:\n matchLabels:\n foo: bar\n")),(0,s.kt)("p",null,"If the ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," ",(0,s.kt)("inlineCode",{parentName:"p"},"bundleSelector")," field matches a ",(0,s.kt)("inlineCode",{parentName:"p"},"Bundles")," labels then that ",(0,s.kt)("inlineCode",{parentName:"p"},"Bundle")," target criteria will\nbe evaluated against all clusters in all namespaces that match ",(0,s.kt)("inlineCode",{parentName:"p"},"namespaceSelector"),". One can specify labels for the created\nbundles from git by putting labels in the ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file or on the ",(0,s.kt)("inlineCode",{parentName:"p"},"metadata.labels")," field on the ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo"),"."),(0,s.kt)("h2",{id:"restricting-gitrepos"},"Restricting GitRepos"),(0,s.kt)("p",null,"A namespace can contain multiple ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," resources. All ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\ncreated in that namespace will be checked against the list of restrictions.\nIf a ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," violates one of the constraints its ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," will be\nin an error state and won't be deployed."),(0,s.kt)("p",null,"This can also be used to set the defaults for GitRepo's ",(0,s.kt)("inlineCode",{parentName:"p"},"serviceAccount")," and ",(0,s.kt)("inlineCode",{parentName:"p"},"clientSecretName")," fields."),(0,s.kt)("pre",null,(0,s.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: typically-unique\nallowedClientSecretNames: []\nallowedRepoPatterns: []\nallowedServiceAccounts: []\nallowedTargetNamespaces: []\ndefaultClientSecretName: ""\ndefaultServiceAccount: ""\n')),(0,s.kt)("h3",{id:"allowedtargetnamespaces"},"AllowedTargetNamespaces"),(0,s.kt)("p",null,"This can be used to limit a deployment to a set of namespaces on a downstream cluster.\nIf an allowedTargetNamespaces restriction is present, all ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," must\nspecify a ",(0,s.kt)("inlineCode",{parentName:"p"},"targetNamespace")," and the specified namespace must be in the allow\nlist.\nThis also prevents the creation of cluster wide resources."))}m.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/0252b8ff.8c70c19c.js b/assets/js/0252b8ff.3418e11e.js similarity index 99% rename from assets/js/0252b8ff.8c70c19c.js rename to assets/js/0252b8ff.3418e11e.js index 7e44d2b24..83a6c4525 100644 --- a/assets/js/0252b8ff.8c70c19c.js +++ b/assets/js/0252b8ff.3418e11e.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4311],{3905:(e,t,a)=>{a.d(t,{Zo:()=>u,kt:()=>m});var n=a(7294);function r(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function l(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function o(e){for(var t=1;t=0||(r[a]=e[a]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(r[a]=e[a])}return r}var s=n.createContext({}),p=function(e){var t=n.useContext(s),a=t;return e&&(a="function"==typeof e?e(t):o(o({},t),e)),a},u=function(e){var t=p(e.components);return n.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},c=n.forwardRef((function(e,t){var a=e.components,r=e.mdxType,l=e.originalType,s=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),c=p(a),m=r,h=c["".concat(s,".").concat(m)]||c[m]||d[m]||l;return a?n.createElement(h,o(o({ref:t},u),{},{components:a})):n.createElement(h,o({ref:t},u))}));function m(e,t){var a=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=a.length,o=new Array(l);o[0]=c;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:r,o[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var n=a(7462),r=(a(7294),a(3905));const l={},o="Expected Repo Structure",i={unversionedId:"gitrepo-structure",id:"version-0.4/gitrepo-structure",title:"Expected Repo Structure",description:"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a fleet.yaml is found.",source:"@site/versioned_docs/version-0.4/gitrepo-structure.md",sourceDirName:".",slug:"/gitrepo-structure",permalink:"/0.4/gitrepo-structure",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/gitrepo-structure.md",tags:[],version:"0.4",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Adding a GitRepo",permalink:"/0.4/gitrepo-add"},next:{title:"Mapping to Downstream Clusters",permalink:"/0.4/gitrepo-targets"}},s={},p=[{value:"How repos are scanned",id:"how-repos-are-scanned",level:2},{value:"fleet.yaml",id:"fleetyaml",level:2},{value:"Reference",id:"reference",level:3},{value:"Private Helm Repositories",id:"private-helm-repositories",level:3},{value:"Using ValuesFrom",id:"using-valuesfrom",level:3},{value:"Per Cluster Customization",id:"per-cluster-customization",level:2},{value:"Raw YAML Resource Customization",id:"raw-yaml-resource-customization",level:2},{value:"Cluster and Bundle state",id:"cluster-and-bundle-state",level:2}],u={toc:p};function d(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"expected-repo-structure"},"Expected Repo Structure"),(0,r.kt)("p",null,"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is found."),(0,r.kt)("p",null,"Each bundle is created from paths in a GitRepo and modified further by reading the discovered ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file.\nBundle lifecycles are tracked between releases by the helm releaseName field added to each bundle. If the releaseName is not\nspecified within fleet.yaml it is generated from ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo.name + path"),". Long names are truncated and a ",(0,r.kt)("inlineCode",{parentName:"p"},"-")," prefix is added."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"The git repository has no explicitly required structure.")," It is important\nto realize the scanned resources will be saved as a resource in Kubernetes so\nyou want to make sure the directories you are scanning in git do not contain\narbitrarily large resources. Right now there is a limitation that the resources\ndeployed must ",(0,r.kt)("strong",{parentName:"p"},"gzip to less than 1MB"),"."),(0,r.kt)("h2",{id:"how-repos-are-scanned"},"How repos are scanned"),(0,r.kt)("p",null,"Multiple paths can be defined for a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and each path is scanned independently.\nInternally each scanned path will become a ",(0,r.kt)("a",{parentName:"p",href:"/0.4/concepts"},"bundle")," that Fleet will manage,\ndeploy, and monitor independently."),(0,r.kt)("p",null,"The following files are looked for to determine the how the resources will be deployed."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"File"),(0,r.kt)("th",{parentName:"tr",align:null},"Location"),(0,r.kt)("th",{parentName:"tr",align:null},"Meaning"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"Chart.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed as a Helm chart. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"kustomization.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed using Kustomize. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If any fleet.yaml is found a new ",(0,r.kt)("a",{parentName:"td",href:"/0.4/concepts"},"bundle")," will be defined. This allows mixing charts, kustomize, and raw YAML in the same repo")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"}," *.yaml ")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If a ",(0,r.kt)("inlineCode",{parentName:"td"},"Chart.yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},"kustomization.yaml")," is not found then any ",(0,r.kt)("inlineCode",{parentName:"td"},".yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},".yml")," file will be assumed to be a Kubernetes resource and will be deployed.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"overlays/{name}")),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")),(0,r.kt)("td",{parentName:"tr",align:null},"When deploying using raw YAML (not Kustomize or Helm) ",(0,r.kt)("inlineCode",{parentName:"td"},"overlays")," is a special directory for customizations.")))),(0,r.kt)("h2",{id:"fleetyaml"},(0,r.kt)("inlineCode",{parentName:"h2"},"fleet.yaml")),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is an optional file that can be included in the git repository to change the behavior of how\nthe resources are deployed and customized. The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is always at the root relative to the ",(0,r.kt)("inlineCode",{parentName:"p"},"path")," of the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),"\nand if a subdirectory is found with a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," a new ",(0,r.kt)("a",{parentName:"p",href:"/0.4/concepts"},"bundle")," is defined that will then be\nconfigured differently from the parent bundle."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Helm chart dependencies"),":\nIt is up to the user to fulfill the dependency list for the Helm charts. As such, you must manually run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies update $chart")," OR run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies build $chart")," prior to install. See the ",(0,r.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/#helm-chart-dependencies"},"Fleet docs")," in Rancher for more information.")),(0,r.kt)("h3",{id:"reference"},"Reference"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"How changes are applied to ",(0,r.kt)("inlineCode",{parentName:"strong"},"values.yaml")),":"),(0,r.kt)("ul",{parentName:"admonition"},(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"Note that the most recently applied changes to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," will override any previously existing values.")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"When changes are applied to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," from multiple sources at the same time, the values will update in the following order: ",(0,r.kt)("inlineCode",{parentName:"p"},"helmValues")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFiles")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFrom"),".")))),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'# The default namespace to be applied to resources. This field is not used to\n# enforce or lock down the deployment to a specific namespace, but instead\n# provide the default value of the namespace field if one is not specified\n# in the manifests.\n# Default: default\ndefaultNamespace: default\n\n# All resources will be assigned to this namespace and if any cluster scoped\n# resource exists the deployment will fail.\n# Default: ""\nnamespace: default\n\nkustomize:\n # Use a custom folder for kustomize resources. This folder must contain\n # a kustomization.yaml file.\n dir: ./kustomize\n\nhelm:\n # Use a custom location for the Helm chart. This can refer to any go-getter URL or\n # OCI registry based helm chart URL e.g. "oci://ghcr.io/fleetrepoci/guestbook".\n # This allows one to download charts from most any location. Also know that\n # go-getter URL supports adding a digest to validate the download. If repo\n # is set below this field is the name of the chart to lookup\n chart: ./chart\n # A https URL to a Helm repo to download the chart from. It\'s typically easier\n # to just use `chart` field and refer to a tgz file. If repo is used the\n # value of `chart` will be used as the chart name to lookup in the Helm repository.\n repo: https://charts.rancher.io\n # A custom release name to deploy the chart as. If not specified a release name\n # will be generated by combining the invoking GitRepo.name + GitRepo.path.\n releaseName: my-release\n # The version of the chart or semver constraint of the chart to find. If a constraint\n # is specified it is evaluated each time git changes.\n # The version also determines which chart to download from OCI registries.\n version: 0.1.0\n # Any values that should be placed in the `values.yaml` and passed to helm during\n # install.\n values:\n any-custom: value\n # All labels on Rancher clusters are available using global.fleet.clusterLabels.LABELNAME\n # These can now be accessed directly as variables\n variableName: global.fleet.clusterLabels.LABELNAME\n # Path to any values files that need to be passed to helm during install\n valuesFiles:\n - values1.yaml\n - values2.yaml\n # Allow to use values files from configmaps or secrets defined in the downstream clusters\n valuesFrom:\n - configMapKeyRef:\n name: configmap-values\n # default to namespace of bundle\n namespace: default \n key: values.yaml\n secretKeyRef:\n name: secret-values\n namespace: default\n key: values.yaml\n # Override immutable resources. This could be dangerous.\n force: false\n # Set the Helm --atomic flag when upgrading\n atomic: false\n\n# A paused bundle will not update downstream clusters but instead mark the bundle\n# as OutOfSync. One can then manually confirm that a bundle should be deployed to\n# the downstream clusters.\n# Default: false\npaused: false\n\nrolloutStrategy:\n # A number or percentage of clusters that can be unavailable during an update\n # of a bundle. This follows the same basic approach as a deployment rollout\n # strategy. Once the number of clusters meets unavailable state update will be\n # paused. Default value is 100% which doesn\'t take effect on update.\n # default: 100%\n maxUnavailable: 15%\n # A number or percentage of cluster partitions that can be unavailable during\n # an update of a bundle.\n # default: 0\n maxUnavailablePartitions: 20%\n # A number of percentage of how to automatically partition clusters if not\n # specific partitioning strategy is configured.\n # default: 25%\n autoPartitionSize: 10%\n # A list of definitions of partitions. If any target clusters do not match\n # the configuration they are added to partitions at the end following the\n # autoPartitionSize.\n partitions:\n # A user friend name given to the partition used for Display (optional).\n # default: ""\n - name: canary\n # A number or percentage of clusters that can be unavailable in this\n # partition before this partition is treated as done.\n # default: 10%\n maxUnavailable: 10%\n # Selector matching cluster labels to include in this partition\n clusterSelector:\n matchLabels:\n env: prod\n # A cluster group name to include in this partition\n clusterGroup: agroup\n # Selector matching cluster group labels to include in this partition\n clusterGroupSelector: agroup\n \n# Target customization are used to determine how resources should be modified per target\n# Targets are evaluated in order and the first one to match a cluster is used for that cluster.\ntargetCustomizations:\n# The name of target. If not specified a default name of the format "target000"\n# will be used. This value is mostly for display\n- name: prod\n # Custom namespace value overriding the value at the root\n namespace: newvalue\n # Custom defaultNamespace value overriding the value at the root\n defaultNamespace: newdefaultvalue\n # Custom kustomize options overriding the options at the root\n kustomize: {}\n # Custom Helm options override the options at the root\n helm: {}\n # If using raw YAML these are names that map to overlays/{name} that will be used\n # to replace or patch a resource. If you wish to customize the file ./subdir/resource.yaml\n # then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file.\n # A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.\n # A patch can in JSON Patch or JSON Merge format or a strategic merge patch for builtin\n # Kubernetes types. Refer to "Raw YAML Resource Customization" below for more information.\n yaml:\n overlays:\n - custom2\n - custom3\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match a specific cluster by name. \n clusterName: dev-cluster \n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n\n# dependsOn allows you to configure dependencies to other bundles. The current bundle\n# will only be deployed, after all dependencies are deployed and in a Ready state.\ndependsOn:\n # Format: - with all path separators replaced by "-"\n # Example: GitRepo name "one", Bundle path "/multi-cluster/hello-world" => "one-multi-cluster-hello-world"\n - name: one-multi-cluster-hello-world\n')),(0,r.kt)("h3",{id:"private-helm-repositories"},"Private Helm Repositories"),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret from the git repo resource.\nSee ",(0,r.kt)("a",{parentName:"p",href:"gitrepo-add#using-private-helm-repositories"},"Using Private Helm Repositories")," for more information."),(0,r.kt)("h3",{id:"using-valuesfrom"},"Using ValuesFrom"),(0,r.kt)("p",null,"These examples showcase the style and format for using ",(0,r.kt)("inlineCode",{parentName:"p"},"valuesFrom"),". ConfigMaps and Secrets should be created in downstream clusters."),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/configmap/"},"ConfigMap"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: configmap-values\n namespace: default\ndata: \n values.yaml: |-\n replication: true\n replicas: 2\n serviceType: NodePort\n")),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/secret/"},"Secret"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: secret-values\n namespace: default\nstringData:\n values.yaml: |-\n replication: true\n replicas: 2\n serviceType: NodePort\n")),(0,r.kt)("h2",{id:"per-cluster-customization"},"Per Cluster Customization"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," defines which clusters a git repository should be deployed to and the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in the repository\ndetermines how the resources are customized per target."),(0,r.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets of that\n",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),". The targets list is evaluated one by one and if there is a match the resource will be deployed to the cluster.\nIf no match is made against the target list on the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the resources will not be deployed to that cluster.\nOnce a target cluster is matched the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," from the git repository is then consulted for customizations. The\n",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations")," in the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," will be evaluated one by one and the first match will define how the\nresource is to be configured. If no match is made the resources will be deployed with no additional customizations."),(0,r.kt)("p",null,"There are three approaches to matching clusters for both ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targets")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations"),'.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,r.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,r.kt)("h2",{id:"raw-yaml-resource-customization"},"Raw YAML Resource Customization"),(0,r.kt)("p",null,"When using Kustomize or Helm the ",(0,r.kt)("inlineCode",{parentName:"p"},"kustomization.yaml")," or the ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.values")," will control how the resource are\ncustomized per target cluster. If you are using raw YAML then the following simple mechanism is built-in and can\nbe used. The ",(0,r.kt)("inlineCode",{parentName:"p"},"overlays/")," folder in the git repo is treated specially as folder containing folders that\ncan be selected to overlay on top per target cluster. The resource overlay content\nuses a file name based approach. This is different from kustomize which uses a resource based approach. In kustomize\nthe resource Group, Kind, Version, Name, and Namespace identify resources and are then merged or patched. For Fleet\nthe overlay resources will override or patch content with a matching file name."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"# Base files\ndeployment.yaml\nsvc.yaml\n\n# Overlay files\n\n# The following file we be added\noverlays/custom/configmap.yaml\n# The following file will replace svc.yaml\noverlays/custom/svc.yaml\n# The following file will patch deployment.yaml\noverlays/custom/deployment_patch.yaml\n")),(0,r.kt)("p",null,"A file named ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," will replace a file called ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," from the base resources or a previous overlay. In order to patch\nthe contents a file the convention of adding ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch.")," (notice the trailing period) to the filename is used. The string ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch."),"\nwill be replaced with ",(0,r.kt)("inlineCode",{parentName:"p"},".")," from the file name and that will be used as the target. For example ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment_patch.yaml"),"\nwill target ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment.yaml"),". The patch will be applied using JSON Merge, Strategic Merge Patch, or JSON Patch.\nWhich strategy is used is based on the file content. Even though JSON strategies are used, the files can be written\nusing YAML syntax."),(0,r.kt)("h2",{id:"cluster-and-bundle-state"},"Cluster and Bundle state"),(0,r.kt)("p",null,"See ",(0,r.kt)("a",{parentName:"p",href:"/0.4/cluster-bundles-state"},"Cluster and Bundle state"),"."))}d.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4311],{3905:(e,t,a)=>{a.d(t,{Zo:()=>u,kt:()=>m});var n=a(7294);function r(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function l(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function o(e){for(var t=1;t=0||(r[a]=e[a]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(r[a]=e[a])}return r}var s=n.createContext({}),p=function(e){var t=n.useContext(s),a=t;return e&&(a="function"==typeof e?e(t):o(o({},t),e)),a},u=function(e){var t=p(e.components);return n.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},c=n.forwardRef((function(e,t){var a=e.components,r=e.mdxType,l=e.originalType,s=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),c=p(a),m=r,h=c["".concat(s,".").concat(m)]||c[m]||d[m]||l;return a?n.createElement(h,o(o({ref:t},u),{},{components:a})):n.createElement(h,o({ref:t},u))}));function m(e,t){var a=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=a.length,o=new Array(l);o[0]=c;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:r,o[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var n=a(7462),r=(a(7294),a(3905));const l={},o="Expected Repo Structure",i={unversionedId:"gitrepo-structure",id:"version-0.4/gitrepo-structure",title:"Expected Repo Structure",description:"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a fleet.yaml is found.",source:"@site/versioned_docs/version-0.4/gitrepo-structure.md",sourceDirName:".",slug:"/gitrepo-structure",permalink:"/0.4/gitrepo-structure",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/gitrepo-structure.md",tags:[],version:"0.4",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Adding a GitRepo",permalink:"/0.4/gitrepo-add"},next:{title:"Mapping to Downstream Clusters",permalink:"/0.4/gitrepo-targets"}},s={},p=[{value:"How repos are scanned",id:"how-repos-are-scanned",level:2},{value:"fleet.yaml",id:"fleetyaml",level:2},{value:"Reference",id:"reference",level:3},{value:"Private Helm Repositories",id:"private-helm-repositories",level:3},{value:"Using ValuesFrom",id:"using-valuesfrom",level:3},{value:"Per Cluster Customization",id:"per-cluster-customization",level:2},{value:"Raw YAML Resource Customization",id:"raw-yaml-resource-customization",level:2},{value:"Cluster and Bundle state",id:"cluster-and-bundle-state",level:2}],u={toc:p};function d(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"expected-repo-structure"},"Expected Repo Structure"),(0,r.kt)("p",null,"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is found."),(0,r.kt)("p",null,"Each bundle is created from paths in a GitRepo and modified further by reading the discovered ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file.\nBundle lifecycles are tracked between releases by the helm releaseName field added to each bundle. If the releaseName is not\nspecified within fleet.yaml it is generated from ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo.name + path"),". Long names are truncated and a ",(0,r.kt)("inlineCode",{parentName:"p"},"-")," prefix is added."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"The git repository has no explicitly required structure.")," It is important\nto realize the scanned resources will be saved as a resource in Kubernetes so\nyou want to make sure the directories you are scanning in git do not contain\narbitrarily large resources. Right now there is a limitation that the resources\ndeployed must ",(0,r.kt)("strong",{parentName:"p"},"gzip to less than 1MB"),"."),(0,r.kt)("h2",{id:"how-repos-are-scanned"},"How repos are scanned"),(0,r.kt)("p",null,"Multiple paths can be defined for a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and each path is scanned independently.\nInternally each scanned path will become a ",(0,r.kt)("a",{parentName:"p",href:"/0.4/concepts"},"bundle")," that Fleet will manage,\ndeploy, and monitor independently."),(0,r.kt)("p",null,"The following files are looked for to determine the how the resources will be deployed."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"File"),(0,r.kt)("th",{parentName:"tr",align:null},"Location"),(0,r.kt)("th",{parentName:"tr",align:null},"Meaning"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"Chart.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed as a Helm chart. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"kustomization.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed using Kustomize. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If any fleet.yaml is found a new ",(0,r.kt)("a",{parentName:"td",href:"/0.4/concepts"},"bundle")," will be defined. This allows mixing charts, kustomize, and raw YAML in the same repo")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"}," *.yaml ")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If a ",(0,r.kt)("inlineCode",{parentName:"td"},"Chart.yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},"kustomization.yaml")," is not found then any ",(0,r.kt)("inlineCode",{parentName:"td"},".yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},".yml")," file will be assumed to be a Kubernetes resource and will be deployed.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"overlays/{name}")),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")),(0,r.kt)("td",{parentName:"tr",align:null},"When deploying using raw YAML (not Kustomize or Helm) ",(0,r.kt)("inlineCode",{parentName:"td"},"overlays")," is a special directory for customizations.")))),(0,r.kt)("h2",{id:"fleetyaml"},(0,r.kt)("inlineCode",{parentName:"h2"},"fleet.yaml")),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is an optional file that can be included in the git repository to change the behavior of how\nthe resources are deployed and customized. The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is always at the root relative to the ",(0,r.kt)("inlineCode",{parentName:"p"},"path")," of the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),"\nand if a subdirectory is found with a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," a new ",(0,r.kt)("a",{parentName:"p",href:"/0.4/concepts"},"bundle")," is defined that will then be\nconfigured differently from the parent bundle."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Helm chart dependencies"),":\nIt is up to the user to fulfill the dependency list for the Helm charts. As such, you must manually run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies update $chart")," OR run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies build $chart")," prior to install. See the ",(0,r.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/#helm-chart-dependencies"},"Fleet docs")," in Rancher for more information.")),(0,r.kt)("h3",{id:"reference"},"Reference"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"How changes are applied to ",(0,r.kt)("inlineCode",{parentName:"strong"},"values.yaml")),":"),(0,r.kt)("ul",{parentName:"admonition"},(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"Note that the most recently applied changes to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," will override any previously existing values.")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"When changes are applied to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," from multiple sources at the same time, the values will update in the following order: ",(0,r.kt)("inlineCode",{parentName:"p"},"helmValues")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFiles")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFrom"),".")))),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'# The default namespace to be applied to resources. This field is not used to\n# enforce or lock down the deployment to a specific namespace, but instead\n# provide the default value of the namespace field if one is not specified\n# in the manifests.\n# Default: default\ndefaultNamespace: default\n\n# All resources will be assigned to this namespace and if any cluster scoped\n# resource exists the deployment will fail.\n# Default: ""\nnamespace: default\n\nkustomize:\n # Use a custom folder for kustomize resources. This folder must contain\n # a kustomization.yaml file.\n dir: ./kustomize\n\nhelm:\n # Use a custom location for the Helm chart. This can refer to any go-getter URL or\n # OCI registry based helm chart URL e.g. "oci://ghcr.io/fleetrepoci/guestbook".\n # This allows one to download charts from most any location. Also know that\n # go-getter URL supports adding a digest to validate the download. If repo\n # is set below this field is the name of the chart to lookup\n chart: ./chart\n # A https URL to a Helm repo to download the chart from. It\'s typically easier\n # to just use `chart` field and refer to a tgz file. If repo is used the\n # value of `chart` will be used as the chart name to lookup in the Helm repository.\n repo: https://charts.rancher.io\n # A custom release name to deploy the chart as. If not specified a release name\n # will be generated by combining the invoking GitRepo.name + GitRepo.path.\n releaseName: my-release\n # The version of the chart or semver constraint of the chart to find. If a constraint\n # is specified it is evaluated each time git changes.\n # The version also determines which chart to download from OCI registries.\n version: 0.1.0\n # Any values that should be placed in the `values.yaml` and passed to helm during\n # install.\n values:\n any-custom: value\n # All labels on Rancher clusters are available using global.fleet.clusterLabels.LABELNAME\n # These can now be accessed directly as variables\n variableName: global.fleet.clusterLabels.LABELNAME\n # Path to any values files that need to be passed to helm during install\n valuesFiles:\n - values1.yaml\n - values2.yaml\n # Allow to use values files from configmaps or secrets defined in the downstream clusters\n valuesFrom:\n - configMapKeyRef:\n name: configmap-values\n # default to namespace of bundle\n namespace: default \n key: values.yaml\n secretKeyRef:\n name: secret-values\n namespace: default\n key: values.yaml\n # Override immutable resources. This could be dangerous.\n force: false\n # Set the Helm --atomic flag when upgrading\n atomic: false\n\n# A paused bundle will not update downstream clusters but instead mark the bundle\n# as OutOfSync. One can then manually confirm that a bundle should be deployed to\n# the downstream clusters.\n# Default: false\npaused: false\n\nrolloutStrategy:\n # A number or percentage of clusters that can be unavailable during an update\n # of a bundle. This follows the same basic approach as a deployment rollout\n # strategy. Once the number of clusters meets unavailable state update will be\n # paused. Default value is 100% which doesn\'t take effect on update.\n # default: 100%\n maxUnavailable: 15%\n # A number or percentage of cluster partitions that can be unavailable during\n # an update of a bundle.\n # default: 0\n maxUnavailablePartitions: 20%\n # A number of percentage of how to automatically partition clusters if not\n # specific partitioning strategy is configured.\n # default: 25%\n autoPartitionSize: 10%\n # A list of definitions of partitions. If any target clusters do not match\n # the configuration they are added to partitions at the end following the\n # autoPartitionSize.\n partitions:\n # A user friend name given to the partition used for Display (optional).\n # default: ""\n - name: canary\n # A number or percentage of clusters that can be unavailable in this\n # partition before this partition is treated as done.\n # default: 10%\n maxUnavailable: 10%\n # Selector matching cluster labels to include in this partition\n clusterSelector:\n matchLabels:\n env: prod\n # A cluster group name to include in this partition\n clusterGroup: agroup\n # Selector matching cluster group labels to include in this partition\n clusterGroupSelector: agroup\n \n# Target customization are used to determine how resources should be modified per target\n# Targets are evaluated in order and the first one to match a cluster is used for that cluster.\ntargetCustomizations:\n# The name of target. If not specified a default name of the format "target000"\n# will be used. This value is mostly for display\n- name: prod\n # Custom namespace value overriding the value at the root\n namespace: newvalue\n # Custom defaultNamespace value overriding the value at the root\n defaultNamespace: newdefaultvalue\n # Custom kustomize options overriding the options at the root\n kustomize: {}\n # Custom Helm options override the options at the root\n helm: {}\n # If using raw YAML these are names that map to overlays/{name} that will be used\n # to replace or patch a resource. If you wish to customize the file ./subdir/resource.yaml\n # then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file.\n # A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.\n # A patch can in JSON Patch or JSON Merge format or a strategic merge patch for builtin\n # Kubernetes types. Refer to "Raw YAML Resource Customization" below for more information.\n yaml:\n overlays:\n - custom2\n - custom3\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match a specific cluster by name. \n clusterName: dev-cluster \n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n\n# dependsOn allows you to configure dependencies to other bundles. The current bundle\n# will only be deployed, after all dependencies are deployed and in a Ready state.\ndependsOn:\n # Format: - with all path separators replaced by "-"\n # Example: GitRepo name "one", Bundle path "/multi-cluster/hello-world" => "one-multi-cluster-hello-world"\n - name: one-multi-cluster-hello-world\n')),(0,r.kt)("h3",{id:"private-helm-repositories"},"Private Helm Repositories"),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret from the git repo resource.\nSee ",(0,r.kt)("a",{parentName:"p",href:"gitrepo-add#using-private-helm-repositories"},"Using Private Helm Repositories")," for more information."),(0,r.kt)("h3",{id:"using-valuesfrom"},"Using ValuesFrom"),(0,r.kt)("p",null,"These examples showcase the style and format for using ",(0,r.kt)("inlineCode",{parentName:"p"},"valuesFrom"),". ConfigMaps and Secrets should be created in downstream clusters."),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/configmap/"},"ConfigMap"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: configmap-values\n namespace: default\ndata: \n values.yaml: |-\n replication: true\n replicas: 2\n serviceType: NodePort\n")),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/secret/"},"Secret"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: secret-values\n namespace: default\nstringData:\n values.yaml: |-\n replication: true\n replicas: 2\n serviceType: NodePort\n")),(0,r.kt)("h2",{id:"per-cluster-customization"},"Per Cluster Customization"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," defines which clusters a git repository should be deployed to and the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in the repository\ndetermines how the resources are customized per target."),(0,r.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets of that\n",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),". The targets list is evaluated one by one and if there is a match the resource will be deployed to the cluster.\nIf no match is made against the target list on the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the resources will not be deployed to that cluster.\nOnce a target cluster is matched the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," from the git repository is then consulted for customizations. The\n",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations")," in the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," will be evaluated one by one and the first match will define how the\nresource is to be configured. If no match is made the resources will be deployed with no additional customizations."),(0,r.kt)("p",null,"There are three approaches to matching clusters for both ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targets")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations"),'.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,r.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,r.kt)("h2",{id:"raw-yaml-resource-customization"},"Raw YAML Resource Customization"),(0,r.kt)("p",null,"When using Kustomize or Helm the ",(0,r.kt)("inlineCode",{parentName:"p"},"kustomization.yaml")," or the ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.values")," will control how the resource are\ncustomized per target cluster. If you are using raw YAML then the following simple mechanism is built-in and can\nbe used. The ",(0,r.kt)("inlineCode",{parentName:"p"},"overlays/")," folder in the git repo is treated specially as folder containing folders that\ncan be selected to overlay on top per target cluster. The resource overlay content\nuses a file name based approach. This is different from kustomize which uses a resource based approach. In kustomize\nthe resource Group, Kind, Version, Name, and Namespace identify resources and are then merged or patched. For Fleet\nthe overlay resources will override or patch content with a matching file name."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"# Base files\ndeployment.yaml\nsvc.yaml\n\n# Overlay files\n\n# The following file we be added\noverlays/custom/configmap.yaml\n# The following file will replace svc.yaml\noverlays/custom/svc.yaml\n# The following file will patch deployment.yaml\noverlays/custom/deployment_patch.yaml\n")),(0,r.kt)("p",null,"A file named ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," will replace a file called ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," from the base resources or a previous overlay. In order to patch\nthe contents a file the convention of adding ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch.")," (notice the trailing period) to the filename is used. The string ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch."),"\nwill be replaced with ",(0,r.kt)("inlineCode",{parentName:"p"},".")," from the file name and that will be used as the target. For example ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment_patch.yaml"),"\nwill target ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment.yaml"),". The patch will be applied using JSON Merge, Strategic Merge Patch, or JSON Patch.\nWhich strategy is used is based on the file content. Even though JSON strategies are used, the files can be written\nusing YAML syntax."),(0,r.kt)("h2",{id:"cluster-and-bundle-state"},"Cluster and Bundle state"),(0,r.kt)("p",null,"See ",(0,r.kt)("a",{parentName:"p",href:"/0.4/cluster-bundles-state"},"Cluster and Bundle state"),"."))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/07db75e5.a048c636.js b/assets/js/07db75e5.a048c636.js new file mode 100644 index 000000000..760ef36ac --- /dev/null +++ b/assets/js/07db75e5.a048c636.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7966],{6828:(e,t,n)=>{n.d(t,{d:()=>a});const a={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.2/fleet-0.5.2.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.2/fleet-agent-0.5.2.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.2/fleet-crd-0.5.2.tgz"},next:{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0-rc.4/fleet-0.6.0-rc.4.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0-rc.4/fleet-agent-0.6.0-rc.4.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0-rc.4/fleet-crd-0.6.0-rc.4.tgz"}}},8469:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>h,frontMatter:()=>s,metadata:()=>p,toc:()=>d});var a=n(7462),l=(n(7294),n(3905)),i=n(6828),r=n(814);const s={},o="Agent Initiated",p={unversionedId:"agent-initiated",id:"version-0.5/agent-initiated",title:"Agent Initiated",description:"Refer to the overview page for a background information on the agent initiated registration style.",source:"@site/versioned_docs/version-0.5/agent-initiated.md",sourceDirName:".",slug:"/agent-initiated",permalink:"/0.5/agent-initiated",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/agent-initiated.md",tags:[],version:"0.5",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster Registration Tokens",permalink:"/0.5/cluster-tokens"},next:{title:"Manager Initiated",permalink:"/0.5/manager-initiated"}},c={},d=[{value:"Cluster Registration Token and Client ID",id:"cluster-registration-token-and-client-id",level:2},{value:"Install agent for a new Cluster",id:"install-agent-for-a-new-cluster",level:2},{value:"Install agent for a predefined Cluster",id:"install-agent-for-a-predefined-cluster",level:2}],u={toc:d};function h(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,a.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"agent-initiated"},"Agent Initiated"),(0,l.kt)("p",null,"Refer to the ",(0,l.kt)("a",{parentName:"p",href:"/0.5/cluster-overview#agent-initiated-registration"},"overview page")," for a background information on the agent initiated registration style."),(0,l.kt)("h2",{id:"cluster-registration-token-and-client-id"},"Cluster Registration Token and Client ID"),(0,l.kt)("p",null,"A downstream cluster is registered using the ",(0,l.kt)("strong",{parentName:"p"},"cluster registration token")," and optionally a ",(0,l.kt)("strong",{parentName:"p"},"client ID")," or ",(0,l.kt)("strong",{parentName:"p"},"cluster labels"),"."),(0,l.kt)("p",null,"The ",(0,l.kt)("strong",{parentName:"p"},"cluster registration token")," is a credential that will authorize the downstream cluster agent to be\nable to initiate the registration process. This is required. Refer to the ",(0,l.kt)("a",{parentName:"p",href:"/0.5/cluster-tokens"},"cluster registration token page")," for more information\non how to create tokens and obtain the values. The cluster registration token is manifested as a ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that will\nbe passed to the ",(0,l.kt)("inlineCode",{parentName:"p"},"helm install")," process."),(0,l.kt)("p",null,"There are two styles of registering an agent. You can have the cluster for this agent dynamically created, in which\ncase you will probably want to specify ",(0,l.kt)("strong",{parentName:"p"},"cluster labels")," upon registration. Or you can have the agent register to a predefined\ncluster in the Fleet manager, in which case you will need a ",(0,l.kt)("strong",{parentName:"p"},"client ID"),". The former approach is typically the easiest."),(0,l.kt)("h2",{id:"install-agent-for-a-new-cluster"},"Install agent for a new Cluster"),(0,l.kt)("p",null,"The Fleet agent is installed as a Helm chart. Following are explanations how to determine and set its parameters."),(0,l.kt)("p",null,"First, follow the ",(0,l.kt)("a",{parentName:"p",href:"/0.5/cluster-tokens"},"cluster registration token page")," to obtain the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," which contains\nthe registration token to authenticate against the Fleet cluster."),(0,l.kt)("p",null,"Second, optionally you can define labels that will assigned to the newly created cluster upon registration. After\nregistration is completed an agent cannot change the labels of the cluster. To add cluster labels add\n",(0,l.kt)("inlineCode",{parentName:"p"},"--set-string labels.KEY=VALUE")," to the below Helm command. To add the labels ",(0,l.kt)("inlineCode",{parentName:"p"},"foo=bar")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"bar=baz")," then you would\nadd ",(0,l.kt)("inlineCode",{parentName:"p"},"--set-string labels.foo=bar --set-string labels.bar=baz")," to the command line."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'# Leave blank if you do not want any labels\nCLUSTER_LABELS="--set-string labels.example=true --set-string labels.env=dev"\n')),(0,l.kt)("p",null,"Third, set variables with the Fleet cluster's API Server URL and CA, for the downstream cluster to use for connecting."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"API_SERVER_URL=https://...\nAPI_SERVER_CA_DATA=...\n")),(0,l.kt)("p",null,"Value in ",(0,l.kt)("inlineCode",{parentName:"p"},"API_SERVER_CA_DATA")," can be obtained from a ",(0,l.kt)("inlineCode",{parentName:"p"},".kube/config")," file with valid data to connect to the upstream cluster\n(under the ",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," key). Alternatively it can be obtained from within the upstream cluster itself,\nby looking up the default ServiceAccount secret name (typically prefixed with ",(0,l.kt)("inlineCode",{parentName:"p"},"default-token-"),", in the default namespace),\nunder the ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.crt")," key."),(0,l.kt)("admonition",{type:"caution"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,l.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,l.kt)("admonition",{type:"warning"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,l.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,l.kt)("p",null,"Finally, install the agent using Helm."),(0,l.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n $CLUSTER_LABELS \\\n --values values.yaml \\\n --set apiServerCA="$API_SERVER_CA_DATA" \\\n --set apiServerURL="$API_SERVER_URL" \\\n fleet-agent'," ",i.d["v0.5"].fleetAgent),(0,l.kt)("p",null,"The agent should now be deployed. You can check that status of the fleet pods by running the below commands."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")),(0,l.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,l.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,l.kt)("a",{parentName:"p",href:"/0.5/namespaces"},"namespace"),". Please ensure your ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\ncluster-ab13e54400f1 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z \n")),(0,l.kt)("h2",{id:"install-agent-for-a-predefined-cluster"},"Install agent for a predefined Cluster"),(0,l.kt)("p",null,"Client IDs are for the purpose of predefining clusters in the Fleet manager with existing labels and repos targeted to them.\nA client ID is not required and is just one approach to managing clusters.\nThe ",(0,l.kt)("strong",{parentName:"p"},"client ID")," is a unique string that will identify the cluster.\nThis string is user generated and opaque to the Fleet manager and agent. It is assumed to be sufficiently unique. For security reasons one should not be able to easily guess this value\nas then one cluster could impersonate another. The client ID is optional and if not specified the UID field of the ",(0,l.kt)("inlineCode",{parentName:"p"},"kube-system")," namespace\nresource will be used as the client ID. Upon registration if the client ID is found on a ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet manager it will associate\nthe agent with that ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster"),". If no ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource is found with that client ID a new ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource will be created with the specific\nclient ID."),(0,l.kt)("p",null,"The Fleet agent is installed as a Helm chart. The only parameters to the helm chart installation should be the cluster registration token, which\nis represented by the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file and the client ID. The client ID is optional."),(0,l.kt)("p",null,"First, create a ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," in the Fleet Manager with the random client ID you have chosen."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: Cluster\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-cluster\n namespace: clusters\nspec:\n clientID: "really-random"\n')),(0,l.kt)("p",null,"Second, follow the ",(0,l.kt)("a",{parentName:"p",href:"/0.5/cluster-tokens"},"cluster registration token page")," to obtain the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file to be used."),(0,l.kt)("p",null,"Third, setup your environment to use the client ID."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'CLUSTER_CLIENT_ID="really-random"\n')),(0,l.kt)("admonition",{type:"note"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,l.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,l.kt)("admonition",{type:"note"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,l.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,l.kt)("p",null,"Finally, install the agent using Helm."),(0,l.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set clientID="$CLUSTER_CLIENT_ID" \\\n --values values.yaml \\\n fleet-agent'," ",i.d["v0.5"].fleetAgent),(0,l.kt)("p",null,"The agent should now be deployed. You can check that status of the fleet pods by running the below commands."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")),(0,l.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,l.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,l.kt)("a",{parentName:"p",href:"/0.5/namespaces"},"namespace"),". Please ensure your ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\nmy-cluster 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z \n")))}h.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/07db75e5.d2ad1d18.js b/assets/js/07db75e5.d2ad1d18.js deleted file mode 100644 index 9eadbb01e..000000000 --- a/assets/js/07db75e5.d2ad1d18.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7966],{6828:(e,t,n)=>{n.d(t,{d:()=>a});const a={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.0/fleet-0.5.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.0/fleet-agent-0.5.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.0/fleet-crd-0.5.0.tgz"},next:{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0-alpha2/fleet-0.6.0-alpha2.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0-alpha2/fleet-agent-0.6.0-alpha2.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0-alpha2/fleet-crd-0.6.0-alpha2.tgz"}}},8469:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>h,frontMatter:()=>s,metadata:()=>p,toc:()=>d});var a=n(7462),l=(n(7294),n(3905)),i=n(6828),r=n(814);const s={},o="Agent Initiated",p={unversionedId:"agent-initiated",id:"version-0.5/agent-initiated",title:"Agent Initiated",description:"Refer to the overview page for a background information on the agent initiated registration style.",source:"@site/versioned_docs/version-0.5/agent-initiated.md",sourceDirName:".",slug:"/agent-initiated",permalink:"/0.5/agent-initiated",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/agent-initiated.md",tags:[],version:"0.5",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster Registration Tokens",permalink:"/0.5/cluster-tokens"},next:{title:"Manager Initiated",permalink:"/0.5/manager-initiated"}},c={},d=[{value:"Cluster Registration Token and Client ID",id:"cluster-registration-token-and-client-id",level:2},{value:"Install agent for a new Cluster",id:"install-agent-for-a-new-cluster",level:2},{value:"Install agent for a predefined Cluster",id:"install-agent-for-a-predefined-cluster",level:2}],u={toc:d};function h(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,a.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"agent-initiated"},"Agent Initiated"),(0,l.kt)("p",null,"Refer to the ",(0,l.kt)("a",{parentName:"p",href:"/0.5/cluster-overview#agent-initiated-registration"},"overview page")," for a background information on the agent initiated registration style."),(0,l.kt)("h2",{id:"cluster-registration-token-and-client-id"},"Cluster Registration Token and Client ID"),(0,l.kt)("p",null,"A downstream cluster is registered using the ",(0,l.kt)("strong",{parentName:"p"},"cluster registration token")," and optionally a ",(0,l.kt)("strong",{parentName:"p"},"client ID")," or ",(0,l.kt)("strong",{parentName:"p"},"cluster labels"),"."),(0,l.kt)("p",null,"The ",(0,l.kt)("strong",{parentName:"p"},"cluster registration token")," is a credential that will authorize the downstream cluster agent to be\nable to initiate the registration process. This is required. Refer to the ",(0,l.kt)("a",{parentName:"p",href:"/0.5/cluster-tokens"},"cluster registration token page")," for more information\non how to create tokens and obtain the values. The cluster registration token is manifested as a ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that will\nbe passed to the ",(0,l.kt)("inlineCode",{parentName:"p"},"helm install")," process."),(0,l.kt)("p",null,"There are two styles of registering an agent. You can have the cluster for this agent dynamically created, in which\ncase you will probably want to specify ",(0,l.kt)("strong",{parentName:"p"},"cluster labels")," upon registration. Or you can have the agent register to a predefined\ncluster in the Fleet manager, in which case you will need a ",(0,l.kt)("strong",{parentName:"p"},"client ID"),". The former approach is typically the easiest."),(0,l.kt)("h2",{id:"install-agent-for-a-new-cluster"},"Install agent for a new Cluster"),(0,l.kt)("p",null,"The Fleet agent is installed as a Helm chart. Following are explanations how to determine and set its parameters."),(0,l.kt)("p",null,"First, follow the ",(0,l.kt)("a",{parentName:"p",href:"/0.5/cluster-tokens"},"cluster registration token page")," to obtain the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," which contains\nthe registration token to authenticate against the Fleet cluster."),(0,l.kt)("p",null,"Second, optionally you can define labels that will assigned to the newly created cluster upon registration. After\nregistration is completed an agent cannot change the labels of the cluster. To add cluster labels add\n",(0,l.kt)("inlineCode",{parentName:"p"},"--set-string labels.KEY=VALUE")," to the below Helm command. To add the labels ",(0,l.kt)("inlineCode",{parentName:"p"},"foo=bar")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"bar=baz")," then you would\nadd ",(0,l.kt)("inlineCode",{parentName:"p"},"--set-string labels.foo=bar --set-string labels.bar=baz")," to the command line."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'# Leave blank if you do not want any labels\nCLUSTER_LABELS="--set-string labels.example=true --set-string labels.env=dev"\n')),(0,l.kt)("p",null,"Third, set variables with the Fleet cluster's API Server URL and CA, for the downstream cluster to use for connecting."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"API_SERVER_URL=https://...\nAPI_SERVER_CA_DATA=...\n")),(0,l.kt)("p",null,"Value in ",(0,l.kt)("inlineCode",{parentName:"p"},"API_SERVER_CA_DATA")," can be obtained from a ",(0,l.kt)("inlineCode",{parentName:"p"},".kube/config")," file with valid data to connect to the upstream cluster\n(under the ",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," key). Alternatively it can be obtained from within the upstream cluster itself,\nby looking up the default ServiceAccount secret name (typically prefixed with ",(0,l.kt)("inlineCode",{parentName:"p"},"default-token-"),", in the default namespace),\nunder the ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.crt")," key."),(0,l.kt)("admonition",{type:"caution"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,l.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,l.kt)("admonition",{type:"warning"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,l.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,l.kt)("p",null,"Finally, install the agent using Helm."),(0,l.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n $CLUSTER_LABELS \\\n --values values.yaml \\\n --set apiServerCA="$API_SERVER_CA_DATA" \\\n --set apiServerURL="$API_SERVER_URL" \\\n fleet-agent'," ",i.d["v0.5"].fleetAgent),(0,l.kt)("p",null,"The agent should now be deployed. You can check that status of the fleet pods by running the below commands."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")),(0,l.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,l.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,l.kt)("a",{parentName:"p",href:"/0.5/namespaces"},"namespace"),". Please ensure your ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\ncluster-ab13e54400f1 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z \n")),(0,l.kt)("h2",{id:"install-agent-for-a-predefined-cluster"},"Install agent for a predefined Cluster"),(0,l.kt)("p",null,"Client IDs are for the purpose of predefining clusters in the Fleet manager with existing labels and repos targeted to them.\nA client ID is not required and is just one approach to managing clusters.\nThe ",(0,l.kt)("strong",{parentName:"p"},"client ID")," is a unique string that will identify the cluster.\nThis string is user generated and opaque to the Fleet manager and agent. It is assumed to be sufficiently unique. For security reasons one should not be able to easily guess this value\nas then one cluster could impersonate another. The client ID is optional and if not specified the UID field of the ",(0,l.kt)("inlineCode",{parentName:"p"},"kube-system")," namespace\nresource will be used as the client ID. Upon registration if the client ID is found on a ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet manager it will associate\nthe agent with that ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster"),". If no ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource is found with that client ID a new ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource will be created with the specific\nclient ID."),(0,l.kt)("p",null,"The Fleet agent is installed as a Helm chart. The only parameters to the helm chart installation should be the cluster registration token, which\nis represented by the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file and the client ID. The client ID is optional."),(0,l.kt)("p",null,"First, create a ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," in the Fleet Manager with the random client ID you have chosen."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: Cluster\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-cluster\n namespace: clusters\nspec:\n clientID: "really-random"\n')),(0,l.kt)("p",null,"Second, follow the ",(0,l.kt)("a",{parentName:"p",href:"/0.5/cluster-tokens"},"cluster registration token page")," to obtain the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file to be used."),(0,l.kt)("p",null,"Third, setup your environment to use the client ID."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'CLUSTER_CLIENT_ID="really-random"\n')),(0,l.kt)("admonition",{type:"note"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,l.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,l.kt)("admonition",{type:"note"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,l.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,l.kt)("p",null,"Finally, install the agent using Helm."),(0,l.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set clientID="$CLUSTER_CLIENT_ID" \\\n --values values.yaml \\\n fleet-agent'," ",i.d["v0.5"].fleetAgent),(0,l.kt)("p",null,"The agent should now be deployed. You can check that status of the fleet pods by running the below commands."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")),(0,l.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,l.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,l.kt)("a",{parentName:"p",href:"/0.5/namespaces"},"namespace"),". Please ensure your ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\nmy-cluster 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z \n")))}h.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/09d5ad39.10ff5ffa.js b/assets/js/09d5ad39.c5694cdf.js similarity index 98% rename from assets/js/09d5ad39.10ff5ffa.js rename to assets/js/09d5ad39.c5694cdf.js index 95f068cc4..8991552fc 100644 --- a/assets/js/09d5ad39.10ff5ffa.js +++ b/assets/js/09d5ad39.c5694cdf.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3030],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>d});var l=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function r(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);t&&(l=l.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,l)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(l=0;l=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=l.createContext({}),p=function(e){var t=l.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},c=function(e){var t=p(e.components);return l.createElement(s.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return l.createElement(l.Fragment,{},t)}},u=l.forwardRef((function(e,t){var n=e.components,a=e.mdxType,r=e.originalType,s=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),u=p(n),d=a,h=u["".concat(s,".").concat(d)]||u[d]||m[d]||r;return n?l.createElement(h,o(o({ref:t},c),{},{components:n})):l.createElement(h,o({ref:t},c))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var r=n.length,o=new Array(r);o[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,o[1]=i;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>m,frontMatter:()=>r,metadata:()=>i,toc:()=>p});var l=n(7462),a=(n(7294),n(3905));const r={},o="Examples",i={unversionedId:"examples",id:"examples",title:"Examples",description:"Lifecycle of a Fleet Bundle",source:"@site/docs/examples.md",sourceDirName:".",slug:"/examples",permalink:"/examples",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/examples.md",tags:[],version:"current",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Architecture",permalink:"/architecture"},next:{title:"Overview",permalink:"/cluster-overview"}},s={},p=[{value:"Lifecycle of a Fleet Bundle",id:"lifecycle-of-a-fleet-bundle",level:3},{value:"Deploy Kubernetes Manifests Across Clusters with Customization",id:"deploy-kubernetes-manifests-across-clusters-with-customization",level:3},{value:"Additional Examples",id:"additional-examples",level:3}],c={toc:p};function m(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,l.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"examples"},"Examples"),(0,a.kt)("h3",{id:"lifecycle-of-a-fleet-bundle"},"Lifecycle of a Fleet Bundle"),(0,a.kt)("p",null,"To demonstrate the lifecycle of a Fleet bundle, we will use ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/tree/master/multi-cluster/helm"},"multi-cluster/helm")," as a case study."),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"User will create a ",(0,a.kt)("a",{parentName:"li",href:"/gitrepo-add#create-gitrepo-instance"},"GitRepo")," that points to the multi-cluster/helm repository."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will sync changes from the GitRepo and detect changes from the polling or ",(0,a.kt)("a",{parentName:"li",href:"/webhook"},"webhook event"),". With every commit change, the ",(0,a.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will create a job that clones the git repository, reads content from the repo such as ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet.yaml")," and other manifests, and creates the Fleet ",(0,a.kt)("a",{parentName:"li",href:"/cluster-bundles-state#bundles"},"bundle"),".")),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Note:")," The job pod with the image name ",(0,a.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," will be under the same namespace as the GitRepo.")),(0,a.kt)("ol",{start:3},(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," then syncs changes from the bundle. According to the targets, the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," will create ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," resources, which are a combination of a bundle and a target cluster."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will then pull the ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," from the Fleet controlplane. The agent deploys bundle manifests as a ",(0,a.kt)("a",{parentName:"li",href:"https://helm.sh/docs/intro/install/"},"Helm chart")," from the ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," into the downstream clusters."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.")),(0,a.kt)("h3",{id:"deploy-kubernetes-manifests-across-clusters-with-customization"},"Deploy Kubernetes Manifests Across Clusters with Customization"),(0,a.kt)("p",null,(0,a.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/"},"Fleet in Rancher")," allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration."),(0,a.kt)("p",null,"To demonstrate how to deploy Kubernetes manifests across different clusters using Fleet, we will use ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/blob/master/multi-cluster/helm/fleet.yaml"},"multi-cluster/helm/fleet.yaml")," as a case study."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Situation:")," User has three clusters with three different labels: ",(0,a.kt)("inlineCode",{parentName:"p"},"env=dev"),", ",(0,a.kt)("inlineCode",{parentName:"p"},"env=test"),", and ",(0,a.kt)("inlineCode",{parentName:"p"},"env=prod"),". User wants to deploy a frontend application with a backend database across these clusters. "),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Expected behavior:")," "),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"dev")," cluster, database replication is not enabled."),(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"test")," cluster, database replication is enabled."),(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"prod")," cluster, database replication is enabled and Load balancer services are exposed.")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Advantage of Fleet:")),(0,a.kt)("p",null,"Instead of deploying the app on each cluster, Fleet allows you to deploy across all clusters following these steps:"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"Deploy gitRepo ",(0,a.kt)("inlineCode",{parentName:"li"},"https://github.com/rancher/fleet-examples.git")," and specify the path ",(0,a.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),"."),(0,a.kt)("li",{parentName:"ol"},"Under ",(0,a.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),", a Helm chart will deploy the frontend app service and backend database service."),(0,a.kt)("li",{parentName:"ol"},"The following rule will be defined in ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet.yaml"),": ")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"targetCustomizations:\n- name: dev\n helm:\n values:\n replication: false\n clusterSelector:\n matchLabels:\n env: dev\n\n- name: test\n helm:\n values:\n replicas: 3\n clusterSelector:\n matchLabels:\n env: test\n\n- name: prod\n helm:\n values:\n serviceType: LoadBalancer\n replicas: 3\n clusterSelector:\n matchLabels:\n env: prod\n")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Result:")),(0,a.kt)("p",null,"Fleet will deploy the Helm chart with your customized ",(0,a.kt)("inlineCode",{parentName:"p"},"values.yaml")," to the different clusters."),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Note:")," Configuration management is not limited to deployments but can be expanded to general configuration management. Fleet is able to apply configuration management through customization among any set of clusters automatically.")),(0,a.kt)("h3",{id:"additional-examples"},"Additional Examples"),(0,a.kt)("p",null,"Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations\nof the three are in the ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/"},"Fleet Examples repo"),"."))}m.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3030],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>d});var l=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function r(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);t&&(l=l.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,l)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(l=0;l=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=l.createContext({}),p=function(e){var t=l.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},c=function(e){var t=p(e.components);return l.createElement(s.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return l.createElement(l.Fragment,{},t)}},u=l.forwardRef((function(e,t){var n=e.components,a=e.mdxType,r=e.originalType,s=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),u=p(n),d=a,h=u["".concat(s,".").concat(d)]||u[d]||m[d]||r;return n?l.createElement(h,o(o({ref:t},c),{},{components:n})):l.createElement(h,o({ref:t},c))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var r=n.length,o=new Array(r);o[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,o[1]=i;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>m,frontMatter:()=>r,metadata:()=>i,toc:()=>p});var l=n(7462),a=(n(7294),n(3905));const r={},o="Examples",i={unversionedId:"examples",id:"examples",title:"Examples",description:"Lifecycle of a Fleet Bundle",source:"@site/docs/examples.md",sourceDirName:".",slug:"/examples",permalink:"/examples",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/examples.md",tags:[],version:"current",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Architecture",permalink:"/architecture"},next:{title:"Overview",permalink:"/cluster-overview"}},s={},p=[{value:"Lifecycle of a Fleet Bundle",id:"lifecycle-of-a-fleet-bundle",level:3},{value:"Deploy Kubernetes Manifests Across Clusters with Customization",id:"deploy-kubernetes-manifests-across-clusters-with-customization",level:3},{value:"Additional Examples",id:"additional-examples",level:3}],c={toc:p};function m(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,l.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"examples"},"Examples"),(0,a.kt)("h3",{id:"lifecycle-of-a-fleet-bundle"},"Lifecycle of a Fleet Bundle"),(0,a.kt)("p",null,"To demonstrate the lifecycle of a Fleet bundle, we will use ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/tree/master/multi-cluster/helm"},"multi-cluster/helm")," as a case study."),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"User will create a ",(0,a.kt)("a",{parentName:"li",href:"/gitrepo-add#create-gitrepo-instance"},"GitRepo")," that points to the multi-cluster/helm repository."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will sync changes from the GitRepo and detect changes from the polling or ",(0,a.kt)("a",{parentName:"li",href:"/webhook"},"webhook event"),". With every commit change, the ",(0,a.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will create a job that clones the git repository, reads content from the repo such as ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet.yaml")," and other manifests, and creates the Fleet ",(0,a.kt)("a",{parentName:"li",href:"/cluster-bundles-state#bundles"},"bundle"),".")),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Note:")," The job pod with the image name ",(0,a.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," will be under the same namespace as the GitRepo.")),(0,a.kt)("ol",{start:3},(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," then syncs changes from the bundle. According to the targets, the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," will create ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," resources, which are a combination of a bundle and a target cluster."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will then pull the ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," from the Fleet controlplane. The agent deploys bundle manifests as a ",(0,a.kt)("a",{parentName:"li",href:"https://helm.sh/docs/intro/install/"},"Helm chart")," from the ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," into the downstream clusters."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.")),(0,a.kt)("h3",{id:"deploy-kubernetes-manifests-across-clusters-with-customization"},"Deploy Kubernetes Manifests Across Clusters with Customization"),(0,a.kt)("p",null,(0,a.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/"},"Fleet in Rancher")," allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration."),(0,a.kt)("p",null,"To demonstrate how to deploy Kubernetes manifests across different clusters using Fleet, we will use ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/blob/master/multi-cluster/helm/fleet.yaml"},"multi-cluster/helm/fleet.yaml")," as a case study."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Situation:")," User has three clusters with three different labels: ",(0,a.kt)("inlineCode",{parentName:"p"},"env=dev"),", ",(0,a.kt)("inlineCode",{parentName:"p"},"env=test"),", and ",(0,a.kt)("inlineCode",{parentName:"p"},"env=prod"),". User wants to deploy a frontend application with a backend database across these clusters. "),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Expected behavior:")," "),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"dev")," cluster, database replication is not enabled."),(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"test")," cluster, database replication is enabled."),(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"prod")," cluster, database replication is enabled and Load balancer services are exposed.")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Advantage of Fleet:")),(0,a.kt)("p",null,"Instead of deploying the app on each cluster, Fleet allows you to deploy across all clusters following these steps:"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"Deploy gitRepo ",(0,a.kt)("inlineCode",{parentName:"li"},"https://github.com/rancher/fleet-examples.git")," and specify the path ",(0,a.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),"."),(0,a.kt)("li",{parentName:"ol"},"Under ",(0,a.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),", a Helm chart will deploy the frontend app service and backend database service."),(0,a.kt)("li",{parentName:"ol"},"The following rule will be defined in ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet.yaml"),": ")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"targetCustomizations:\n- name: dev\n helm:\n values:\n replication: false\n clusterSelector:\n matchLabels:\n env: dev\n\n- name: test\n helm:\n values:\n replicas: 3\n clusterSelector:\n matchLabels:\n env: test\n\n- name: prod\n helm:\n values:\n serviceType: LoadBalancer\n replicas: 3\n clusterSelector:\n matchLabels:\n env: prod\n")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Result:")),(0,a.kt)("p",null,"Fleet will deploy the Helm chart with your customized ",(0,a.kt)("inlineCode",{parentName:"p"},"values.yaml")," to the different clusters."),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Note:")," Configuration management is not limited to deployments but can be expanded to general configuration management. Fleet is able to apply configuration management through customization among any set of clusters automatically.")),(0,a.kt)("h3",{id:"additional-examples"},"Additional Examples"),(0,a.kt)("p",null,"Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations\nof the three are in the ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/"},"Fleet Examples repo"),"."))}m.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/0a06c365.30eeb095.js b/assets/js/0a06c365.30eeb095.js new file mode 100644 index 000000000..27c102f59 --- /dev/null +++ b/assets/js/0a06c365.30eeb095.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1371],{6828:(e,t,n)=>{n.d(t,{d:()=>l});const l={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.2/fleet-0.5.2.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.2/fleet-agent-0.5.2.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.2/fleet-crd-0.5.2.tgz"},next:{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0-rc.4/fleet-0.6.0-rc.4.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0-rc.4/fleet-agent-0.6.0-rc.4.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0-rc.4/fleet-crd-0.6.0-rc.4.tgz"}}},2615:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>u,contentTitle:()=>o,default:()=>m,frontMatter:()=>i,metadata:()=>c,toc:()=>p});var l=n(7462),a=(n(7294),n(3905)),r=n(6828),s=n(814);const i={},o="Multi Cluster Install",c={unversionedId:"multi-cluster-install",id:"version-0.5/multi-cluster-install",title:"Multi Cluster Install",description:"Note: Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under Continuous Delivery on Rancher.",source:"@site/versioned_docs/version-0.5/multi-cluster-install.md",sourceDirName:".",slug:"/multi-cluster-install",permalink:"/0.5/multi-cluster-install",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/multi-cluster-install.md",tags:[],version:"0.5",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Single Cluster Install",permalink:"/0.5/single-cluster-install"},next:{title:"Uninstall",permalink:"/0.5/uninstall"}},u={},p=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Helm 3",id:"helm-3",level:3},{value:"Kubernetes",id:"kubernetes",level:3},{value:"API Server URL and CA certificate",id:"api-server-url-and-ca-certificate",level:2},{value:"Install",id:"install",level:2}],d={toc:p};function m(e){let{components:t,...i}=e;return(0,a.kt)("wrapper",(0,l.Z)({},d,i,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"multi-cluster-install"},"Multi Cluster Install"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Note:")," Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under ",(0,a.kt)("inlineCode",{parentName:"p"},"Continuous Delivery")," on Rancher."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Warning:")," The multi-cluster install described below is ",(0,a.kt)("strong",{parentName:"p"},"only")," covered in standalone Fleet, which is untested by Rancher QA. "),(0,a.kt)("p",null,"In the below use case, you will setup a centralized Fleet manager. The centralized Fleet manager is a\nKubernetes cluster running the Fleet controllers. After installing the Fleet manager, you will then\nneed to register remote downstream clusters with the Fleet manager."),(0,a.kt)("h2",{id:"prerequisites"},"Prerequisites"),(0,a.kt)("h3",{id:"helm-3"},"Helm 3"),(0,a.kt)("p",null,"Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is\nfairly straight forward. To install the Helm 3 CLI follow the\n",(0,a.kt)("a",{parentName:"p",href:"https://helm.sh/docs/intro/install/"},"official install instructions"),". The TL;DR is"),(0,a.kt)("p",null,"macOS"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,a.kt)("p",null,"Windows"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"choco install kubernetes-helm\n")),(0,a.kt)("h3",{id:"kubernetes"},"Kubernetes"),(0,a.kt)("p",null,"The Fleet manager is a controller running on a Kubernetes cluster so an existing cluster is required. All\ndownstream cluster that will be managed will need to communicate to this central Kubernetes cluster. This\nmeans the Kubernetes API server URL must be accessible to the downstream clusters. Any Kubernetes community\nsupported version of Kubernetes will work, in practice this means 1.15 or greater."),(0,a.kt)("h2",{id:"api-server-url-and-ca-certificate"},"API Server URL and CA certificate"),(0,a.kt)("p",null,"In order for your Fleet management installation to properly work it is important\nthe correct API server URL and CA certificates are configured properly. The Fleet agents\nwill communicate to the Kubernetes API server URL. This means the Kubernetes\nAPI server must be accessible to the downstream clusters. You will also need\nto obtain the CA certificate of the API server. The easiest way to obtain this information\nis typically from your kubeconfig file (",(0,a.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config"),"). The ",(0,a.kt)("inlineCode",{parentName:"p"},"server"),",\n",(0,a.kt)("inlineCode",{parentName:"p"},"certificate-authority-data"),", or ",(0,a.kt)("inlineCode",{parentName:"p"},"certificate-authority")," fields will have these values."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nclusters:\n- cluster:\n certificate-authority-data: LS0tLS1CRUdJTi...\n server: https://example.com:6443\n")),(0,a.kt)("p",null,"Please note that the ",(0,a.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," field is base64 encoded and will need to be\ndecoded before you save it into a file. This can be done by saving the base64 encoded contents to\na file and then running"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"base64 -d encoded-file > ca.pem\n")),(0,a.kt)("p",null,"If you have ",(0,a.kt)("inlineCode",{parentName:"p"},"jq")," and ",(0,a.kt)("inlineCode",{parentName:"p"},"base64")," available then this one-liners will pull all CA certificates from your\n",(0,a.kt)("inlineCode",{parentName:"p"},"KUBECONFIG")," and place then in a file named ",(0,a.kt)("inlineCode",{parentName:"p"},"ca.pem"),"."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl config view -o json --raw | jq -r '.clusters[].cluster[\"certificate-authority-data\"]' | base64 -d > ca.pem\n")),(0,a.kt)("p",null,"If you have a multi-cluster setup, you can use this command:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nkubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTERNAME").cluster["certificate-authority-data"]\' | base64 -d > ca.pem\n')),(0,a.kt)("h2",{id:"install"},"Install"),(0,a.kt)("p",null,"In the following example it will be assumed the API server URL from the ",(0,a.kt)("inlineCode",{parentName:"p"},"KUBECONFIG")," which is ",(0,a.kt)("inlineCode",{parentName:"p"},"https://example.com:6443"),"\nand the CA certificate is in the file ",(0,a.kt)("inlineCode",{parentName:"p"},"ca.pem"),". If your API server URL is signed by a well-known CA you can\nomit the ",(0,a.kt)("inlineCode",{parentName:"p"},"apiServerCA")," parameter below or just create an empty ",(0,a.kt)("inlineCode",{parentName:"p"},"ca.pem")," file (ie ",(0,a.kt)("inlineCode",{parentName:"p"},"touch ca.pem"),")."),(0,a.kt)("p",null,"Run the following commands"),(0,a.kt)("p",null,"Setup the environment with your specific values."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},'API_SERVER_URL="https://example.com:6443"\nAPI_SERVER_CA="ca.pem"\n')),(0,a.kt)("p",null,"If you have a multi-cluster setup, you can use this command:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nAPI_SERVER_URL=$(kubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTER").cluster["server"]\')\n# Leave empty if your API server is signed by a well known CA\nAPI_SERVER_CA="ca.pem"\n')),(0,a.kt)("p",null,"First validate the server URL is correct."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"curl -fLk ${API_SERVER_URL}/version\n")),(0,a.kt)("p",null,"The output of this command should be JSON with the version of the Kubernetes server or a ",(0,a.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," error.\nIf you do not get either of these results than please ensure you have the correct URL. The API server port is typically\n6443 for Kubernetes."),(0,a.kt)("p",null,"Next validate that the CA certificate is proper by running the below command. If your API server is signed by a\nwell known CA then omit the ",(0,a.kt)("inlineCode",{parentName:"p"},"--cacert ${API_SERVER_CA}")," part of the command."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"curl -fL --cacert ${API_SERVER_CA} ${API_SERVER_URL}/version\n")),(0,a.kt)("p",null,"If you get a valid JSON response or an ",(0,a.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," then it worked. The Unauthorized error is\nonly because the curl command is not setting proper credentials, but this validates that the TLS\nconnection work and the ",(0,a.kt)("inlineCode",{parentName:"p"},"ca.pem")," is correct for this URL. If you get a ",(0,a.kt)("inlineCode",{parentName:"p"},"SSL certificate problem")," then\nthe ",(0,a.kt)("inlineCode",{parentName:"p"},"ca.pem")," is not correct. The contents of the ",(0,a.kt)("inlineCode",{parentName:"p"},"${API_SERVER_CA}")," file should look similar to the below"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"-----BEGIN CERTIFICATE-----\nMIIBVjCB/qADAgECAgEAMAoGCCqGSM49BAMCMCMxITAfBgNVBAMMGGszcy1zZXJ2\nZXItY2FAMTU5ODM5MDQ0NzAeFw0yMDA4MjUyMTIwNDdaFw0zMDA4MjMyMTIwNDda\nMCMxITAfBgNVBAMMGGszcy1zZXJ2ZXItY2FAMTU5ODM5MDQ0NzBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDXlQNkXnwUPdbSgGz5Rk6U9ldGFjF6y1YyF36cNGk4E\n0lMgNcVVD9gKuUSXEJk8tzHz3ra/+yTwSL5xQeLHBl+jIzAhMA4GA1UdDwEB/wQE\nAwICpDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIFMtZ5gGDoDs\nciRyve+T4xbRNVHES39tjjup/LuN4tAgAiAteeB3jgpTMpZyZcOOHl9gpZ8PgEcN\nKDs/pb3fnMTtpA==\n-----END CERTIFICATE-----\n")),(0,a.kt)("p",null,"Once you have validated the API server URL and API server CA parameters, install the following two\nHelm charts."),(0,a.kt)("p",null,"First install the Fleet CustomResourcesDefintions."),(0,a.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",r.d["v0.5"].fleetCRD),(0,a.kt)("p",null,"Second install the Fleet controllers."),(0,a.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set apiServerURL="${API_SERVER_URL}" \\\n --set-file apiServerCA="${API_SERVER_CA}" \\\n fleet'," ",r.d["v0.5"].fleet),(0,a.kt)("p",null,"Fleet should be ready to use. You can check the status of the Fleet controller pods by running the below commands."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,a.kt)("p",null,"At this point the Fleet manager should be ready. You can now ",(0,a.kt)("a",{parentName:"p",href:"/0.5/cluster-overview"},"register clusters")," and ",(0,a.kt)("a",{parentName:"p",href:"/0.5/gitrepo-add"},"git repos")," with\nthe Fleet manager."))}m.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>l});const l=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file diff --git a/assets/js/0a06c365.f127ac5e.js b/assets/js/0a06c365.f127ac5e.js deleted file mode 100644 index 25bb945b3..000000000 --- a/assets/js/0a06c365.f127ac5e.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1371],{6828:(e,t,n)=>{n.d(t,{d:()=>l});const l={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.0/fleet-0.5.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.0/fleet-agent-0.5.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.0/fleet-crd-0.5.0.tgz"},next:{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0-alpha2/fleet-0.6.0-alpha2.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0-alpha2/fleet-agent-0.6.0-alpha2.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0-alpha2/fleet-crd-0.6.0-alpha2.tgz"}}},2615:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>u,contentTitle:()=>o,default:()=>h,frontMatter:()=>i,metadata:()=>c,toc:()=>p});var l=n(7462),a=(n(7294),n(3905)),r=n(6828),s=n(814);const i={},o="Multi Cluster Install",c={unversionedId:"multi-cluster-install",id:"version-0.5/multi-cluster-install",title:"Multi Cluster Install",description:"Note: Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under Continuous Delivery on Rancher.",source:"@site/versioned_docs/version-0.5/multi-cluster-install.md",sourceDirName:".",slug:"/multi-cluster-install",permalink:"/0.5/multi-cluster-install",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/multi-cluster-install.md",tags:[],version:"0.5",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Single Cluster Install",permalink:"/0.5/single-cluster-install"},next:{title:"Uninstall",permalink:"/0.5/uninstall"}},u={},p=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Helm 3",id:"helm-3",level:3},{value:"Kubernetes",id:"kubernetes",level:3},{value:"API Server URL and CA certificate",id:"api-server-url-and-ca-certificate",level:2},{value:"Install",id:"install",level:2}],d={toc:p};function h(e){let{components:t,...i}=e;return(0,a.kt)("wrapper",(0,l.Z)({},d,i,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"multi-cluster-install"},"Multi Cluster Install"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Note:")," Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under ",(0,a.kt)("inlineCode",{parentName:"p"},"Continuous Delivery")," on Rancher."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Warning:")," The multi-cluster install described below is ",(0,a.kt)("strong",{parentName:"p"},"only")," covered in standalone Fleet, which is untested by Rancher QA. "),(0,a.kt)("p",null,"In the below use case, you will setup a centralized Fleet manager. The centralized Fleet manager is a\nKubernetes cluster running the Fleet controllers. After installing the Fleet manager, you will then\nneed to register remote downstream clusters with the Fleet manager."),(0,a.kt)("h2",{id:"prerequisites"},"Prerequisites"),(0,a.kt)("h3",{id:"helm-3"},"Helm 3"),(0,a.kt)("p",null,"Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is\nfairly straight forward. To install the Helm 3 CLI follow the\n",(0,a.kt)("a",{parentName:"p",href:"https://helm.sh/docs/intro/install/"},"official install instructions"),". The TL;DR is"),(0,a.kt)("p",null,"macOS"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,a.kt)("p",null,"Windows"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"choco install kubernetes-helm\n")),(0,a.kt)("h3",{id:"kubernetes"},"Kubernetes"),(0,a.kt)("p",null,"The Fleet manager is a controller running on a Kubernetes cluster so an existing cluster is required. All\ndownstream cluster that will be managed will need to communicate to this central Kubernetes cluster. This\nmeans the Kubernetes API server URL must be accessible to the downstream clusters. Any Kubernetes community\nsupported version of Kubernetes will work, in practice this means 1.15 or greater."),(0,a.kt)("h2",{id:"api-server-url-and-ca-certificate"},"API Server URL and CA certificate"),(0,a.kt)("p",null,"In order for your Fleet management installation to properly work it is important\nthe correct API server URL and CA certificates are configured properly. The Fleet agents\nwill communicate to the Kubernetes API server URL. This means the Kubernetes\nAPI server must be accessible to the downstream clusters. You will also need\nto obtain the CA certificate of the API server. The easiest way to obtain this information\nis typically from your kubeconfig file (",(0,a.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config"),"). The ",(0,a.kt)("inlineCode",{parentName:"p"},"server"),",\n",(0,a.kt)("inlineCode",{parentName:"p"},"certificate-authority-data"),", or ",(0,a.kt)("inlineCode",{parentName:"p"},"certificate-authority")," fields will have these values."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nclusters:\n- cluster:\n certificate-authority-data: LS0tLS1CRUdJTi...\n server: https://example.com:6443\n")),(0,a.kt)("p",null,"Please note that the ",(0,a.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," field is base64 encoded and will need to be\ndecoded before you save it into a file. This can be done by saving the base64 encoded contents to\na file and then running"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"base64 -d encoded-file > ca.pem\n")),(0,a.kt)("p",null,"If you have ",(0,a.kt)("inlineCode",{parentName:"p"},"jq")," and ",(0,a.kt)("inlineCode",{parentName:"p"},"base64")," available then this one-liners will pull all CA certificates from your\n",(0,a.kt)("inlineCode",{parentName:"p"},"KUBECONFIG")," and place then in a file named ",(0,a.kt)("inlineCode",{parentName:"p"},"ca.pem"),"."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl config view -o json --raw | jq -r '.clusters[].cluster[\"certificate-authority-data\"]' | base64 -d > ca.pem\n")),(0,a.kt)("p",null,"If you have a multi-cluster setup, you can use this command:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nkubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTERNAME").cluster["certificate-authority-data"]\' | base64 -d > ca.pem\n')),(0,a.kt)("h2",{id:"install"},"Install"),(0,a.kt)("p",null,"In the following example it will be assumed the API server URL from the ",(0,a.kt)("inlineCode",{parentName:"p"},"KUBECONFIG")," which is ",(0,a.kt)("inlineCode",{parentName:"p"},"https://example.com:6443"),"\nand the CA certificate is in the file ",(0,a.kt)("inlineCode",{parentName:"p"},"ca.pem"),". If your API server URL is signed by a well-known CA you can\nomit the ",(0,a.kt)("inlineCode",{parentName:"p"},"apiServerCA")," parameter below or just create an empty ",(0,a.kt)("inlineCode",{parentName:"p"},"ca.pem")," file (ie ",(0,a.kt)("inlineCode",{parentName:"p"},"touch ca.pem"),")."),(0,a.kt)("p",null,"Run the following commands"),(0,a.kt)("p",null,"Setup the environment with your specific values."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},'API_SERVER_URL="https://example.com:6443"\nAPI_SERVER_CA="ca.pem"\n')),(0,a.kt)("p",null,"If you have a multi-cluster setup, you can use this command:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nAPI_SERVER_URL=$(kubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTER").cluster["server"]\')\n# Leave empty if your API server is signed by a well known CA\nAPI_SERVER_CA="ca.pem"\n')),(0,a.kt)("p",null,"First validate the server URL is correct."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"curl -fLk ${API_SERVER_URL}/version\n")),(0,a.kt)("p",null,"The output of this command should be JSON with the version of the Kubernetes server or a ",(0,a.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," error.\nIf you do not get either of these results than please ensure you have the correct URL. The API server port is typically\n6443 for Kubernetes."),(0,a.kt)("p",null,"Next validate that the CA certificate is proper by running the below command. If your API server is signed by a\nwell known CA then omit the ",(0,a.kt)("inlineCode",{parentName:"p"},"--cacert ${API_SERVER_CA}")," part of the command."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"curl -fL --cacert ${API_SERVER_CA} ${API_SERVER_URL}/version\n")),(0,a.kt)("p",null,"If you get a valid JSON response or an ",(0,a.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," then it worked. The Unauthorized error is\nonly because the curl command is not setting proper credentials, but this validates that the TLS\nconnection work and the ",(0,a.kt)("inlineCode",{parentName:"p"},"ca.pem")," is correct for this URL. If you get a ",(0,a.kt)("inlineCode",{parentName:"p"},"SSL certificate problem")," then\nthe ",(0,a.kt)("inlineCode",{parentName:"p"},"ca.pem")," is not correct. The contents of the ",(0,a.kt)("inlineCode",{parentName:"p"},"${API_SERVER_CA}")," file should look similar to the below"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"-----BEGIN CERTIFICATE-----\nMIIBVjCB/qADAgECAgEAMAoGCCqGSM49BAMCMCMxITAfBgNVBAMMGGszcy1zZXJ2\nZXItY2FAMTU5ODM5MDQ0NzAeFw0yMDA4MjUyMTIwNDdaFw0zMDA4MjMyMTIwNDda\nMCMxITAfBgNVBAMMGGszcy1zZXJ2ZXItY2FAMTU5ODM5MDQ0NzBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDXlQNkXnwUPdbSgGz5Rk6U9ldGFjF6y1YyF36cNGk4E\n0lMgNcVVD9gKuUSXEJk8tzHz3ra/+yTwSL5xQeLHBl+jIzAhMA4GA1UdDwEB/wQE\nAwICpDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIFMtZ5gGDoDs\nciRyve+T4xbRNVHES39tjjup/LuN4tAgAiAteeB3jgpTMpZyZcOOHl9gpZ8PgEcN\nKDs/pb3fnMTtpA==\n-----END CERTIFICATE-----\n")),(0,a.kt)("p",null,"Once you have validated the API server URL and API server CA parameters, install the following two\nHelm charts."),(0,a.kt)("p",null,"First install the Fleet CustomResourcesDefintions."),(0,a.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",r.d["v0.5"].fleetCRD),(0,a.kt)("p",null,"Second install the Fleet controllers."),(0,a.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set apiServerURL="${API_SERVER_URL}" \\\n --set-file apiServerCA="${API_SERVER_CA}" \\\n fleet'," ",r.d["v0.5"].fleet),(0,a.kt)("p",null,"Fleet should be ready to use. You can check the status of the Fleet controller pods by running the below commands."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,a.kt)("p",null,"At this point the Fleet manager should be ready. You can now ",(0,a.kt)("a",{parentName:"p",href:"/0.5/cluster-overview"},"register clusters")," and ",(0,a.kt)("a",{parentName:"p",href:"/0.5/gitrepo-add"},"git repos")," with\nthe Fleet manager."))}h.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>l});const l=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file diff --git a/assets/js/0e50cd4d.c57c2c98.js b/assets/js/0e50cd4d.daf3545b.js similarity index 97% rename from assets/js/0e50cd4d.c57c2c98.js rename to assets/js/0e50cd4d.daf3545b.js index 2f8d503b2..f99aff132 100644 --- a/assets/js/0e50cd4d.c57c2c98.js +++ b/assets/js/0e50cd4d.daf3545b.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6560],{3905:(e,t,r)=>{r.d(t,{Zo:()=>i,kt:()=>d});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function o(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function s(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var c=n.createContext({}),u=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):s(s({},t),e)),r},i=function(e){var t=u(e.components);return n.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},m=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,o=e.originalType,c=e.parentName,i=l(e,["components","mdxType","originalType","parentName"]),m=u(r),d=a,f=m["".concat(c,".").concat(d)]||m[d]||p[d]||o;return r?n.createElement(f,s(s({ref:t},i),{},{components:r})):n.createElement(f,s({ref:t},i))}));function d(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=r.length,s=new Array(o);s[0]=m;var l={};for(var c in t)hasOwnProperty.call(t,c)&&(l[c]=t[c]);l.originalType=e,l.mdxType="string"==typeof e?e:a,s[1]=l;for(var u=2;u{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>p,frontMatter:()=>o,metadata:()=>l,toc:()=>u});var n=r(7462),a=(r(7294),r(3905));const o={},s="Cluster Groups",l={unversionedId:"cluster-group",id:"version-0.5/cluster-group",title:"Cluster Groups",description:"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.",source:"@site/versioned_docs/version-0.5/cluster-group.md",sourceDirName:".",slug:"/cluster-group",permalink:"/0.5/cluster-group",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/cluster-group.md",tags:[],version:"0.5",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Manager Initiated",permalink:"/0.5/manager-initiated"},next:{title:"Namespaces",permalink:"/0.5/namespaces"}},c={},u=[],i={toc:u};function p(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},i,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-groups"},"Cluster Groups"),(0,a.kt)("p",null,"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.\nThe only parameter for a cluster group is essentially the selector.\nWhen you get to a certain scale cluster groups become a more reasonable way to manage your clusters.\nCluster groups serve the purpose of giving aggregated\nstatus of the deployments and then also a simpler way to manage targets."),(0,a.kt)("p",null,"A cluster group is created by creating a ",(0,a.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resource like below"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: ClusterGroup\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: production-group\n namespace: clusters\nspec:\n # This is the standard metav1.LabelSelector format to match clusters by labels\n selector:\n matchLabels:\n env: prod\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6560],{3905:(e,t,r)=>{r.d(t,{Zo:()=>i,kt:()=>d});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function o(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function s(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var c=n.createContext({}),u=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):s(s({},t),e)),r},i=function(e){var t=u(e.components);return n.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},m=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,o=e.originalType,c=e.parentName,i=l(e,["components","mdxType","originalType","parentName"]),m=u(r),d=a,f=m["".concat(c,".").concat(d)]||m[d]||p[d]||o;return r?n.createElement(f,s(s({ref:t},i),{},{components:r})):n.createElement(f,s({ref:t},i))}));function d(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=r.length,s=new Array(o);s[0]=m;var l={};for(var c in t)hasOwnProperty.call(t,c)&&(l[c]=t[c]);l.originalType=e,l.mdxType="string"==typeof e?e:a,s[1]=l;for(var u=2;u{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>p,frontMatter:()=>o,metadata:()=>l,toc:()=>u});var n=r(7462),a=(r(7294),r(3905));const o={},s="Cluster Groups",l={unversionedId:"cluster-group",id:"version-0.5/cluster-group",title:"Cluster Groups",description:"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.",source:"@site/versioned_docs/version-0.5/cluster-group.md",sourceDirName:".",slug:"/cluster-group",permalink:"/0.5/cluster-group",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/cluster-group.md",tags:[],version:"0.5",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Manager Initiated",permalink:"/0.5/manager-initiated"},next:{title:"Namespaces",permalink:"/0.5/namespaces"}},c={},u=[],i={toc:u};function p(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},i,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-groups"},"Cluster Groups"),(0,a.kt)("p",null,"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.\nThe only parameter for a cluster group is essentially the selector.\nWhen you get to a certain scale cluster groups become a more reasonable way to manage your clusters.\nCluster groups serve the purpose of giving aggregated\nstatus of the deployments and then also a simpler way to manage targets."),(0,a.kt)("p",null,"A cluster group is created by creating a ",(0,a.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resource like below"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: ClusterGroup\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: production-group\n namespace: clusters\nspec:\n # This is the standard metav1.LabelSelector format to match clusters by labels\n selector:\n matchLabels:\n env: prod\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/10f03480.b741d736.js b/assets/js/10f03480.7b061657.js similarity index 98% rename from assets/js/10f03480.b741d736.js rename to assets/js/10f03480.7b061657.js index 8e503ab6c..9274e06a5 100644 --- a/assets/js/10f03480.b741d736.js +++ b/assets/js/10f03480.7b061657.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5945],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>d});var l=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function r(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);t&&(l=l.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,l)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(l=0;l=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=l.createContext({}),p=function(e){var t=l.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},c=function(e){var t=p(e.components);return l.createElement(s.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return l.createElement(l.Fragment,{},t)}},u=l.forwardRef((function(e,t){var n=e.components,a=e.mdxType,r=e.originalType,s=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),u=p(n),d=a,h=u["".concat(s,".").concat(d)]||u[d]||m[d]||r;return n?l.createElement(h,o(o({ref:t},c),{},{components:n})):l.createElement(h,o({ref:t},c))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var r=n.length,o=new Array(r);o[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,o[1]=i;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>m,frontMatter:()=>r,metadata:()=>i,toc:()=>p});var l=n(7462),a=(n(7294),n(3905));const r={},o="Examples",i={unversionedId:"examples",id:"version-0.4/examples",title:"Examples",description:"Lifecycle of a Fleet Bundle",source:"@site/versioned_docs/version-0.4/examples.md",sourceDirName:".",slug:"/examples",permalink:"/0.4/examples",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/examples.md",tags:[],version:"0.4",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Architecture",permalink:"/0.4/architecture"},next:{title:"Overview",permalink:"/0.4/cluster-overview"}},s={},p=[{value:"Lifecycle of a Fleet Bundle",id:"lifecycle-of-a-fleet-bundle",level:3},{value:"Deploy Kubernetes Manifests Across Clusters with Customization",id:"deploy-kubernetes-manifests-across-clusters-with-customization",level:3},{value:"Additional Examples",id:"additional-examples",level:3}],c={toc:p};function m(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,l.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"examples"},"Examples"),(0,a.kt)("h3",{id:"lifecycle-of-a-fleet-bundle"},"Lifecycle of a Fleet Bundle"),(0,a.kt)("p",null,"To demonstrate the lifecycle of a Fleet bundle, we will use ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/tree/master/multi-cluster/helm"},"multi-cluster/helm")," as a case study."),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"User will create a ",(0,a.kt)("a",{parentName:"li",href:"/0.4/gitrepo-add#create-gitrepo-instance"},"GitRepo")," that points to the multi-cluster/helm repository."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will sync changes from the GitRepo and detect changes from the polling or ",(0,a.kt)("a",{parentName:"li",href:"/0.4/webhook"},"webhook event"),". With every commit change, the ",(0,a.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will create a job that clones the git repository, reads content from the repo such as ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet.yaml")," and other manifests, and creates the Fleet ",(0,a.kt)("a",{parentName:"li",href:"/0.4/cluster-bundles-state#bundles"},"bundle"),".")),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Note:")," The job pod with the image name ",(0,a.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," will be under the same namespace as the GitRepo.")),(0,a.kt)("ol",{start:3},(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," then syncs changes from the bundle. According to the targets, the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," will create ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," resources, which are a combination of a bundle and a target cluster."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will then pull the ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," from the Fleet controlplane. The agent deploys bundle manifests as a ",(0,a.kt)("a",{parentName:"li",href:"https://helm.sh/docs/intro/install/"},"Helm chart")," from the ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," into the downstream clusters."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.")),(0,a.kt)("h3",{id:"deploy-kubernetes-manifests-across-clusters-with-customization"},"Deploy Kubernetes Manifests Across Clusters with Customization"),(0,a.kt)("p",null,(0,a.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/"},"Fleet in Rancher")," allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration."),(0,a.kt)("p",null,"To demonstrate how to deploy Kubernetes manifests across different clusters using Fleet, we will use ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/blob/master/multi-cluster/helm/fleet.yaml"},"multi-cluster/helm/fleet.yaml")," as a case study."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Situation:")," User has three clusters with three different labels: ",(0,a.kt)("inlineCode",{parentName:"p"},"env=dev"),", ",(0,a.kt)("inlineCode",{parentName:"p"},"env=test"),", and ",(0,a.kt)("inlineCode",{parentName:"p"},"env=prod"),". User wants to deploy a frontend application with a backend database across these clusters. "),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Expected behavior:")," "),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"dev")," cluster, database replication is not enabled."),(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"test")," cluster, database replication is enabled."),(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"prod")," cluster, database replication is enabled and Load balancer services are exposed.")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Advantage of Fleet:")),(0,a.kt)("p",null,"Instead of deploying the app on each cluster, Fleet allows you to deploy across all clusters following these steps:"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"Deploy gitRepo ",(0,a.kt)("inlineCode",{parentName:"li"},"https://github.com/rancher/fleet-examples.git")," and specify the path ",(0,a.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),"."),(0,a.kt)("li",{parentName:"ol"},"Under ",(0,a.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),", a Helm chart will deploy the frontend app service and backend database service."),(0,a.kt)("li",{parentName:"ol"},"The following rule will be defined in ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet.yaml"),": ")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"targetCustomizations:\n- name: dev\n helm:\n values:\n replication: false\n clusterSelector:\n matchLabels:\n env: dev\n\n- name: test\n helm:\n values:\n replicas: 3\n clusterSelector:\n matchLabels:\n env: test\n\n- name: prod\n helm:\n values:\n serviceType: LoadBalancer\n replicas: 3\n clusterSelector:\n matchLabels:\n env: prod\n")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Result:")),(0,a.kt)("p",null,"Fleet will deploy the Helm chart with your customized ",(0,a.kt)("inlineCode",{parentName:"p"},"values.yaml")," to the different clusters."),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Note:")," Configuration management is not limited to deployments but can be expanded to general configuration management. Fleet is able to apply configuration management through customization among any set of clusters automatically.")),(0,a.kt)("h3",{id:"additional-examples"},"Additional Examples"),(0,a.kt)("p",null,"Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations\nof the three are in the ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/"},"Fleet Examples repo"),"."))}m.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5945],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>d});var l=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function r(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);t&&(l=l.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,l)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(l=0;l=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=l.createContext({}),p=function(e){var t=l.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},c=function(e){var t=p(e.components);return l.createElement(s.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return l.createElement(l.Fragment,{},t)}},u=l.forwardRef((function(e,t){var n=e.components,a=e.mdxType,r=e.originalType,s=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),u=p(n),d=a,h=u["".concat(s,".").concat(d)]||u[d]||m[d]||r;return n?l.createElement(h,o(o({ref:t},c),{},{components:n})):l.createElement(h,o({ref:t},c))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var r=n.length,o=new Array(r);o[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,o[1]=i;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>m,frontMatter:()=>r,metadata:()=>i,toc:()=>p});var l=n(7462),a=(n(7294),n(3905));const r={},o="Examples",i={unversionedId:"examples",id:"version-0.4/examples",title:"Examples",description:"Lifecycle of a Fleet Bundle",source:"@site/versioned_docs/version-0.4/examples.md",sourceDirName:".",slug:"/examples",permalink:"/0.4/examples",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/examples.md",tags:[],version:"0.4",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Architecture",permalink:"/0.4/architecture"},next:{title:"Overview",permalink:"/0.4/cluster-overview"}},s={},p=[{value:"Lifecycle of a Fleet Bundle",id:"lifecycle-of-a-fleet-bundle",level:3},{value:"Deploy Kubernetes Manifests Across Clusters with Customization",id:"deploy-kubernetes-manifests-across-clusters-with-customization",level:3},{value:"Additional Examples",id:"additional-examples",level:3}],c={toc:p};function m(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,l.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"examples"},"Examples"),(0,a.kt)("h3",{id:"lifecycle-of-a-fleet-bundle"},"Lifecycle of a Fleet Bundle"),(0,a.kt)("p",null,"To demonstrate the lifecycle of a Fleet bundle, we will use ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/tree/master/multi-cluster/helm"},"multi-cluster/helm")," as a case study."),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"User will create a ",(0,a.kt)("a",{parentName:"li",href:"/0.4/gitrepo-add#create-gitrepo-instance"},"GitRepo")," that points to the multi-cluster/helm repository."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will sync changes from the GitRepo and detect changes from the polling or ",(0,a.kt)("a",{parentName:"li",href:"/0.4/webhook"},"webhook event"),". With every commit change, the ",(0,a.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will create a job that clones the git repository, reads content from the repo such as ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet.yaml")," and other manifests, and creates the Fleet ",(0,a.kt)("a",{parentName:"li",href:"/0.4/cluster-bundles-state#bundles"},"bundle"),".")),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Note:")," The job pod with the image name ",(0,a.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," will be under the same namespace as the GitRepo.")),(0,a.kt)("ol",{start:3},(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," then syncs changes from the bundle. According to the targets, the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," will create ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," resources, which are a combination of a bundle and a target cluster."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will then pull the ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," from the Fleet controlplane. The agent deploys bundle manifests as a ",(0,a.kt)("a",{parentName:"li",href:"https://helm.sh/docs/intro/install/"},"Helm chart")," from the ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," into the downstream clusters."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.")),(0,a.kt)("h3",{id:"deploy-kubernetes-manifests-across-clusters-with-customization"},"Deploy Kubernetes Manifests Across Clusters with Customization"),(0,a.kt)("p",null,(0,a.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/"},"Fleet in Rancher")," allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration."),(0,a.kt)("p",null,"To demonstrate how to deploy Kubernetes manifests across different clusters using Fleet, we will use ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/blob/master/multi-cluster/helm/fleet.yaml"},"multi-cluster/helm/fleet.yaml")," as a case study."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Situation:")," User has three clusters with three different labels: ",(0,a.kt)("inlineCode",{parentName:"p"},"env=dev"),", ",(0,a.kt)("inlineCode",{parentName:"p"},"env=test"),", and ",(0,a.kt)("inlineCode",{parentName:"p"},"env=prod"),". User wants to deploy a frontend application with a backend database across these clusters. "),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Expected behavior:")," "),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"dev")," cluster, database replication is not enabled."),(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"test")," cluster, database replication is enabled."),(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"prod")," cluster, database replication is enabled and Load balancer services are exposed.")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Advantage of Fleet:")),(0,a.kt)("p",null,"Instead of deploying the app on each cluster, Fleet allows you to deploy across all clusters following these steps:"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"Deploy gitRepo ",(0,a.kt)("inlineCode",{parentName:"li"},"https://github.com/rancher/fleet-examples.git")," and specify the path ",(0,a.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),"."),(0,a.kt)("li",{parentName:"ol"},"Under ",(0,a.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),", a Helm chart will deploy the frontend app service and backend database service."),(0,a.kt)("li",{parentName:"ol"},"The following rule will be defined in ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet.yaml"),": ")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"targetCustomizations:\n- name: dev\n helm:\n values:\n replication: false\n clusterSelector:\n matchLabels:\n env: dev\n\n- name: test\n helm:\n values:\n replicas: 3\n clusterSelector:\n matchLabels:\n env: test\n\n- name: prod\n helm:\n values:\n serviceType: LoadBalancer\n replicas: 3\n clusterSelector:\n matchLabels:\n env: prod\n")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Result:")),(0,a.kt)("p",null,"Fleet will deploy the Helm chart with your customized ",(0,a.kt)("inlineCode",{parentName:"p"},"values.yaml")," to the different clusters."),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Note:")," Configuration management is not limited to deployments but can be expanded to general configuration management. Fleet is able to apply configuration management through customization among any set of clusters automatically.")),(0,a.kt)("h3",{id:"additional-examples"},"Additional Examples"),(0,a.kt)("p",null,"Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations\nof the three are in the ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/"},"Fleet Examples repo"),"."))}m.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/11f54a6a.16a6b84e.js b/assets/js/11f54a6a.58de1936.js similarity index 99% rename from assets/js/11f54a6a.16a6b84e.js rename to assets/js/11f54a6a.58de1936.js index 105cf7474..9441653c4 100644 --- a/assets/js/11f54a6a.16a6b84e.js +++ b/assets/js/11f54a6a.58de1936.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7301],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>d});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),p=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},c=function(e){var t=p(e.components);return a.createElement(l.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},m=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,i=e.originalType,l=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=p(n),d=r,h=m["".concat(l,".").concat(d)]||m[d]||u[d]||i;return n?a.createElement(h,o(o({ref:t},c),{},{components:n})):a.createElement(h,o({ref:t},c))}));function d(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=n.length,o=new Array(i);o[0]=m;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,o[1]=s;for(var p=2;p{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>u,frontMatter:()=>i,metadata:()=>s,toc:()=>p});var a=n(7462),r=(n(7294),n(3905));const i={},o="Adding a GitRepo",s={unversionedId:"gitrepo-add",id:"version-0.5/gitrepo-add",title:"Adding a GitRepo",description:"Proper namespace",source:"@site/versioned_docs/version-0.5/gitrepo-add.md",sourceDirName:".",slug:"/gitrepo-add",permalink:"/0.5/gitrepo-add",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/gitrepo-add.md",tags:[],version:"0.5",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Namespaces",permalink:"/0.5/namespaces"},next:{title:"Expected Repo Structure",permalink:"/0.5/gitrepo-structure"}},l={},p=[{value:"Proper namespace",id:"proper-namespace",level:2},{value:"Create GitRepo instance",id:"create-gitrepo-instance",level:2},{value:"Adding Private Git Repository",id:"adding-private-git-repository",level:2},{value:"Using HTTP Auth",id:"using-http-auth",level:3},{value:"Using Private Helm Repositories",id:"using-private-helm-repositories",level:2}],c={toc:p};function u(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"adding-a-gitrepo"},"Adding a GitRepo"),(0,r.kt)("h2",{id:"proper-namespace"},"Proper namespace"),(0,r.kt)("p",null,"Git repos are added to the Fleet manager using the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," custom resource type. The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," type is namespaced. By default, Rancher will create two Fleet workspaces: ",(0,r.kt)("strong",{parentName:"p"},"fleet-default")," and ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),"."),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-default")," will contain all the downstream clusters that are already registered through Rancher."),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-local")," will contain the local cluster by default.")),(0,r.kt)("p",null,"Users can create new workspaces and move clusters across workspaces. An example of a special case might be including the local cluster in the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," payload for config maps and secrets (no active deployments or payloads)."),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"While it's possible to move clusters out of either workspace, we recommend that you keep the local cluster in ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local"),".")),(0,r.kt)("p",null,"If you are using Fleet in a ",(0,r.kt)("a",{parentName:"p",href:"/0.5/concepts"},"single cluster")," style, the namespace will always be ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),". Check ",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/namespaces/#fleet-local"},"here")," for more on the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace."),(0,r.kt)("p",null,"For a ",(0,r.kt)("a",{parentName:"p",href:"/0.5/concepts"},"multi-cluster")," style, please ensure you use the correct repo that will map to the right target clusters."),(0,r.kt)("h2",{id:"create-gitrepo-instance"},"Create GitRepo instance"),(0,r.kt)("p",null,"Git repositories are register by creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," following the below YAML sample. Refer\nto the inline comments as the means of each field"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n # Any name can be used here\n name: my-repo\n # For single cluster use fleet-local, otherwise use the namespace of\n # your choosing\n namespace: fleet-local\nspec:\n # This can be a HTTPS or git URL. If you are using a git URL then\n # clientSecretName will probably need to be set to supply a credential.\n # repo is the only required parameter for a repo to be monitored.\n #\n repo: https://github.com/rancher/fleet-examples\n\n # Enforce all resources go to this target namespace. If a cluster scoped\n # resource is found the deployment will fail.\n #\n # targetNamespace: app1\n\n # Any branch can be watched, this field is optional. If not specified the\n # branch is assumed to be master\n #\n # branch: master\n\n # A specific commit or tag can also be watched.\n #\n # revision: v0.3.0\n\n # For a private registry you must supply a clientSecretName. A default\n # secret can be set at the namespace level using the GitRepoRestriction\n # type. Secrets must be of the type "kubernetes.io/ssh-auth" or\n # "kubernetes.io/basic-auth". The secret is assumed to be in the\n # same namespace as the GitRepo\n #\n # clientSecretName: my-ssh-key\n #\n # If fleet.yaml contains a private Helm repo that requires authentication,\n # provide the credentials in a K8s secret and specify them here.\n # Danger: the credentials will be sent to all repositories referenced from\n # this gitrepo. See section below for more information.\n #\n # helmSecretName: my-helm-secret\n #\n # To add additional ca-bundle for self-signed certs, caBundle can be\n # filled with base64 encoded pem data. For example:\n # `cat /path/to/ca.pem | base64 -w 0`\n #\n # caBundle: my-ca-bundle\n #\n # Disable SSL verification for git repo\n #\n # insecureSkipTLSVerify: true\n #\n # A git repo can read multiple paths in a repo at once.\n # The below field is expected to be an array of paths and\n # supports path globbing (ex: some/*/path)\n #\n # Example:\n # paths:\n # - single-path\n # - multiple-paths/*\n paths:\n - simple\n\n # PollingInterval configures how often fleet checks the git repo. The default\n # is 15 seconds.\n # Setting this to zero does not disable polling. It results in a 15s\n # interval, too.\n #\n # pollingInterval: 15\n\n # Paused causes changes in Git to not be propagated down to the clusters but\n # instead mark resources as OutOfSync\n #\n # paused: false\n\n # Increment this number to force a redeployment of contents from Git\n #\n # forceSyncGeneration: 0\n\n # The service account that will be used to perform this deployment.\n # This is the name of the service account that exists in the\n # downstream cluster in the cattle-fleet-system namespace. It is assumed\n # this service account already exists so it should be create before\n # hand, most likely coming from another git repo registered with\n # the Fleet manager.\n #\n # serviceAccount: moreSecureAccountThanClusterAdmin\n\n # Target clusters to deploy to if running Fleet in a multi-cluster\n # style. Refer to the "Mapping to Downstream Clusters" docs for\n # more information.\n #\n # targets: ...\n')),(0,r.kt)("h2",{id:"adding-private-git-repository"},"Adding Private Git Repository"),(0,r.kt)("p",null,"Fleet supports both http and ssh auth key for private repository. To use this you have to create a secret in the same namespace."),(0,r.kt)("p",null,"For example, to generate a private ssh key"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},'ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"\n')),(0,r.kt)("p",null,"Note: The private key format has to be in ",(0,r.kt)("inlineCode",{parentName:"p"},"EC PRIVATE KEY"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"RSA PRIVATE KEY")," or ",(0,r.kt)("inlineCode",{parentName:"p"},"PRIVATE KEY")," and should not contain a passphase."),(0,r.kt)("p",null,"Put your private key into secret, use the namespace the GitRepo is in:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key --type=kubernetes.io/ssh-auth\n")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"Private key with passphrase is not supported.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"The key has to be in PEM format.")),(0,r.kt)("p",null,"Fleet supports putting ",(0,r.kt)("inlineCode",{parentName:"p"},"known_hosts")," into ssh secret. Here is an example of how to add it:"),(0,r.kt)("p",null,"Fetch the public key hash(take github as an example)"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"ssh-keyscan -H github.com\n")),(0,r.kt)("p",null,"And add it into secret:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: ssh-key\ntype: kubernetes.io/ssh-auth\nstringData:\n ssh-privatekey: \n known_hosts: |-\n |1|YJr1VZoi6dM0oE+zkM0do3Z04TQ=|7MclCn1fLROZG+BgR4m1r8TLwWc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\n")),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"If you don't add it any server's public key will be trusted and added. (",(0,r.kt)("inlineCode",{parentName:"p"},"ssh -o stricthostkeychecking=accept-new")," will be used)")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"If you are using openssh format for the private key and you are creating it in the UI, make sure a carriage return is appended in the end of the private key.")),(0,r.kt)("h3",{id:"using-http-auth"},"Using HTTP Auth"),(0,r.kt)("p",null,"Create a secret containing username and password. You can replace the password with a personal access token if necessary. Also see ",(0,r.kt)("a",{parentName:"p",href:"./troubleshooting#http-secrets-in-github"},"HTTP secrets in Github"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kubectl create secret generic basic-auth-secret -n fleet-default --type=kubernetes.io/basic-auth --from-literal=username=$user --from-literal=password=$pat\n")),(0,r.kt)("p",null,"Just like with SSH, reference the secret in your GitRepo resource via ",(0,r.kt)("inlineCode",{parentName:"p"},"clientSecretName"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"spec:\n repo: https://github.com/fleetrepoci/gitjob-private.git\n branch: main\n clientSecretName: basic-auth-secret\n")),(0,r.kt)("h2",{id:"using-private-helm-repositories"},"Using Private Helm Repositories"),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"The credentials will be used unconditionally for all Helm repositories referenced by the gitrepo resource.\nMake sure you don't leak credentials by mixing public and private repositories. As a workaround, split them into different gitrepos.")),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret with the following keys:"),(0,r.kt)("ol",null,(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"username")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"password")," for basic http auth if the Helm HTTP repo is behind basic auth.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"cacerts")," for custom CA bundle if the Helm repo is using a custom CA.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"ssh-privatekey")," for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently."))),(0,r.kt)("p",null,"For example, to add a secret in kubectl, run"),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem")),(0,r.kt)("p",null,"After secret is created, specify the secret to ",(0,r.kt)("inlineCode",{parentName:"p"},"gitRepo.spec.helmSecretName"),". Make sure secret is created under the same namespace with gitrepo."),(0,r.kt)("h1",{id:"troubleshooting"},"Troubleshooting"),(0,r.kt)("p",null,"See Fleet Troubleshooting section ",(0,r.kt)("a",{parentName:"p",href:"/0.5/troubleshooting"},"here"),"."))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7301],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>d});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),p=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},c=function(e){var t=p(e.components);return a.createElement(l.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},m=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,i=e.originalType,l=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=p(n),d=r,h=m["".concat(l,".").concat(d)]||m[d]||u[d]||i;return n?a.createElement(h,o(o({ref:t},c),{},{components:n})):a.createElement(h,o({ref:t},c))}));function d(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=n.length,o=new Array(i);o[0]=m;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,o[1]=s;for(var p=2;p{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>u,frontMatter:()=>i,metadata:()=>s,toc:()=>p});var a=n(7462),r=(n(7294),n(3905));const i={},o="Adding a GitRepo",s={unversionedId:"gitrepo-add",id:"version-0.5/gitrepo-add",title:"Adding a GitRepo",description:"Proper namespace",source:"@site/versioned_docs/version-0.5/gitrepo-add.md",sourceDirName:".",slug:"/gitrepo-add",permalink:"/0.5/gitrepo-add",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/gitrepo-add.md",tags:[],version:"0.5",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Namespaces",permalink:"/0.5/namespaces"},next:{title:"Expected Repo Structure",permalink:"/0.5/gitrepo-structure"}},l={},p=[{value:"Proper namespace",id:"proper-namespace",level:2},{value:"Create GitRepo instance",id:"create-gitrepo-instance",level:2},{value:"Adding Private Git Repository",id:"adding-private-git-repository",level:2},{value:"Using HTTP Auth",id:"using-http-auth",level:3},{value:"Using Private Helm Repositories",id:"using-private-helm-repositories",level:2}],c={toc:p};function u(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"adding-a-gitrepo"},"Adding a GitRepo"),(0,r.kt)("h2",{id:"proper-namespace"},"Proper namespace"),(0,r.kt)("p",null,"Git repos are added to the Fleet manager using the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," custom resource type. The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," type is namespaced. By default, Rancher will create two Fleet workspaces: ",(0,r.kt)("strong",{parentName:"p"},"fleet-default")," and ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),"."),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-default")," will contain all the downstream clusters that are already registered through Rancher."),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-local")," will contain the local cluster by default.")),(0,r.kt)("p",null,"Users can create new workspaces and move clusters across workspaces. An example of a special case might be including the local cluster in the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," payload for config maps and secrets (no active deployments or payloads)."),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"While it's possible to move clusters out of either workspace, we recommend that you keep the local cluster in ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local"),".")),(0,r.kt)("p",null,"If you are using Fleet in a ",(0,r.kt)("a",{parentName:"p",href:"/0.5/concepts"},"single cluster")," style, the namespace will always be ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),". Check ",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/namespaces/#fleet-local"},"here")," for more on the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace."),(0,r.kt)("p",null,"For a ",(0,r.kt)("a",{parentName:"p",href:"/0.5/concepts"},"multi-cluster")," style, please ensure you use the correct repo that will map to the right target clusters."),(0,r.kt)("h2",{id:"create-gitrepo-instance"},"Create GitRepo instance"),(0,r.kt)("p",null,"Git repositories are register by creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," following the below YAML sample. Refer\nto the inline comments as the means of each field"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n # Any name can be used here\n name: my-repo\n # For single cluster use fleet-local, otherwise use the namespace of\n # your choosing\n namespace: fleet-local\nspec:\n # This can be a HTTPS or git URL. If you are using a git URL then\n # clientSecretName will probably need to be set to supply a credential.\n # repo is the only required parameter for a repo to be monitored.\n #\n repo: https://github.com/rancher/fleet-examples\n\n # Enforce all resources go to this target namespace. If a cluster scoped\n # resource is found the deployment will fail.\n #\n # targetNamespace: app1\n\n # Any branch can be watched, this field is optional. If not specified the\n # branch is assumed to be master\n #\n # branch: master\n\n # A specific commit or tag can also be watched.\n #\n # revision: v0.3.0\n\n # For a private registry you must supply a clientSecretName. A default\n # secret can be set at the namespace level using the GitRepoRestriction\n # type. Secrets must be of the type "kubernetes.io/ssh-auth" or\n # "kubernetes.io/basic-auth". The secret is assumed to be in the\n # same namespace as the GitRepo\n #\n # clientSecretName: my-ssh-key\n #\n # If fleet.yaml contains a private Helm repo that requires authentication,\n # provide the credentials in a K8s secret and specify them here.\n # Danger: the credentials will be sent to all repositories referenced from\n # this gitrepo. See section below for more information.\n #\n # helmSecretName: my-helm-secret\n #\n # To add additional ca-bundle for self-signed certs, caBundle can be\n # filled with base64 encoded pem data. For example:\n # `cat /path/to/ca.pem | base64 -w 0`\n #\n # caBundle: my-ca-bundle\n #\n # Disable SSL verification for git repo\n #\n # insecureSkipTLSVerify: true\n #\n # A git repo can read multiple paths in a repo at once.\n # The below field is expected to be an array of paths and\n # supports path globbing (ex: some/*/path)\n #\n # Example:\n # paths:\n # - single-path\n # - multiple-paths/*\n paths:\n - simple\n\n # PollingInterval configures how often fleet checks the git repo. The default\n # is 15 seconds.\n # Setting this to zero does not disable polling. It results in a 15s\n # interval, too.\n #\n # pollingInterval: 15\n\n # Paused causes changes in Git to not be propagated down to the clusters but\n # instead mark resources as OutOfSync\n #\n # paused: false\n\n # Increment this number to force a redeployment of contents from Git\n #\n # forceSyncGeneration: 0\n\n # The service account that will be used to perform this deployment.\n # This is the name of the service account that exists in the\n # downstream cluster in the cattle-fleet-system namespace. It is assumed\n # this service account already exists so it should be create before\n # hand, most likely coming from another git repo registered with\n # the Fleet manager.\n #\n # serviceAccount: moreSecureAccountThanClusterAdmin\n\n # Target clusters to deploy to if running Fleet in a multi-cluster\n # style. Refer to the "Mapping to Downstream Clusters" docs for\n # more information.\n #\n # targets: ...\n')),(0,r.kt)("h2",{id:"adding-private-git-repository"},"Adding Private Git Repository"),(0,r.kt)("p",null,"Fleet supports both http and ssh auth key for private repository. To use this you have to create a secret in the same namespace."),(0,r.kt)("p",null,"For example, to generate a private ssh key"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},'ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"\n')),(0,r.kt)("p",null,"Note: The private key format has to be in ",(0,r.kt)("inlineCode",{parentName:"p"},"EC PRIVATE KEY"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"RSA PRIVATE KEY")," or ",(0,r.kt)("inlineCode",{parentName:"p"},"PRIVATE KEY")," and should not contain a passphase."),(0,r.kt)("p",null,"Put your private key into secret, use the namespace the GitRepo is in:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key --type=kubernetes.io/ssh-auth\n")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"Private key with passphrase is not supported.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"The key has to be in PEM format.")),(0,r.kt)("p",null,"Fleet supports putting ",(0,r.kt)("inlineCode",{parentName:"p"},"known_hosts")," into ssh secret. Here is an example of how to add it:"),(0,r.kt)("p",null,"Fetch the public key hash(take github as an example)"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"ssh-keyscan -H github.com\n")),(0,r.kt)("p",null,"And add it into secret:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: ssh-key\ntype: kubernetes.io/ssh-auth\nstringData:\n ssh-privatekey: \n known_hosts: |-\n |1|YJr1VZoi6dM0oE+zkM0do3Z04TQ=|7MclCn1fLROZG+BgR4m1r8TLwWc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\n")),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"If you don't add it any server's public key will be trusted and added. (",(0,r.kt)("inlineCode",{parentName:"p"},"ssh -o stricthostkeychecking=accept-new")," will be used)")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"If you are using openssh format for the private key and you are creating it in the UI, make sure a carriage return is appended in the end of the private key.")),(0,r.kt)("h3",{id:"using-http-auth"},"Using HTTP Auth"),(0,r.kt)("p",null,"Create a secret containing username and password. You can replace the password with a personal access token if necessary. Also see ",(0,r.kt)("a",{parentName:"p",href:"./troubleshooting#http-secrets-in-github"},"HTTP secrets in Github"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kubectl create secret generic basic-auth-secret -n fleet-default --type=kubernetes.io/basic-auth --from-literal=username=$user --from-literal=password=$pat\n")),(0,r.kt)("p",null,"Just like with SSH, reference the secret in your GitRepo resource via ",(0,r.kt)("inlineCode",{parentName:"p"},"clientSecretName"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"spec:\n repo: https://github.com/fleetrepoci/gitjob-private.git\n branch: main\n clientSecretName: basic-auth-secret\n")),(0,r.kt)("h2",{id:"using-private-helm-repositories"},"Using Private Helm Repositories"),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"The credentials will be used unconditionally for all Helm repositories referenced by the gitrepo resource.\nMake sure you don't leak credentials by mixing public and private repositories. As a workaround, split them into different gitrepos.")),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret with the following keys:"),(0,r.kt)("ol",null,(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"username")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"password")," for basic http auth if the Helm HTTP repo is behind basic auth.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"cacerts")," for custom CA bundle if the Helm repo is using a custom CA.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"ssh-privatekey")," for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently."))),(0,r.kt)("p",null,"For example, to add a secret in kubectl, run"),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem")),(0,r.kt)("p",null,"After secret is created, specify the secret to ",(0,r.kt)("inlineCode",{parentName:"p"},"gitRepo.spec.helmSecretName"),". Make sure secret is created under the same namespace with gitrepo."),(0,r.kt)("h1",{id:"troubleshooting"},"Troubleshooting"),(0,r.kt)("p",null,"See Fleet Troubleshooting section ",(0,r.kt)("a",{parentName:"p",href:"/0.5/troubleshooting"},"here"),"."))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/12f4838b.971d5167.js b/assets/js/12f4838b.6cef46d7.js similarity index 98% rename from assets/js/12f4838b.971d5167.js rename to assets/js/12f4838b.6cef46d7.js index 841386da8..7152ecfc6 100644 --- a/assets/js/12f4838b.971d5167.js +++ b/assets/js/12f4838b.6cef46d7.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8795],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),s=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=s(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,i=e.originalType,l=e.parentName,u=c(e,["components","mdxType","originalType","parentName"]),d=s(n),m=a,g=d["".concat(l,".").concat(m)]||d[m]||p[m]||i;return n?r.createElement(g,o(o({ref:t},u),{},{components:n})):r.createElement(g,o({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=n.length,o=new Array(i);o[0]=d;var c={};for(var l in t)hasOwnProperty.call(t,l)&&(c[l]=t[l]);c.originalType=e,c.mdxType="string"==typeof e?e:a,o[1]=c;for(var s=2;s{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>c,toc:()=>s});var r=n(7462),a=(n(7294),n(3905));const i={},o="Manager Initiated",c={unversionedId:"manager-initiated",id:"version-0.5/manager-initiated",title:"Manager Initiated",description:"Refer to the overview page for a background information on the manager initiated registration style.",source:"@site/versioned_docs/version-0.5/manager-initiated.md",sourceDirName:".",slug:"/manager-initiated",permalink:"/0.5/manager-initiated",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/manager-initiated.md",tags:[],version:"0.5",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Agent Initiated",permalink:"/0.5/agent-initiated"},next:{title:"Cluster Groups",permalink:"/0.5/cluster-group"}},l={},s=[{value:"Kubeconfig Secret",id:"kubeconfig-secret",level:2},{value:"Example",id:"example",level:2},{value:"Kubeconfig Secret",id:"kubeconfig-secret-1",level:3},{value:"Cluster",id:"cluster",level:3}],u={toc:s};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"manager-initiated"},"Manager Initiated"),(0,a.kt)("p",null,"Refer to the ",(0,a.kt)("a",{parentName:"p",href:"/0.5/cluster-overview#agent-initiated-registration"},"overview page")," for a background information on the manager initiated registration style."),(0,a.kt)("h2",{id:"kubeconfig-secret"},"Kubeconfig Secret"),(0,a.kt)("p",null,"The manager initiated registration flow is accomplished by creating a\n",(0,a.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet Manager that refers to a Kubernetes\n",(0,a.kt)("inlineCode",{parentName:"p"},"Secret")," containing a valid kubeconfig file in the data field called ",(0,a.kt)("inlineCode",{parentName:"p"},"value"),"."),(0,a.kt)("p",null,"The format of this secret is intended to match the ",(0,a.kt)("a",{parentName:"p",href:"https://cluster-api.sigs.k8s.io/developer/architecture/controllers/cluster.html#secrets"},"format"),"\nof the kubeconfig\nsecret used in ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),".\nThis means you can use ",(0,a.kt)("inlineCode",{parentName:"p"},"cluster-api")," to create a cluster that is dynamically\nregistered with Fleet."),(0,a.kt)("h2",{id:"example"},"Example"),(0,a.kt)("h3",{id:"kubeconfig-secret-1"},"Kubeconfig Secret"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: Secret\napiVersion: v1\nmetadata:\n name: my-cluster-kubeconfig\n namespace: clusters\ndata:\n value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==\n")),(0,a.kt)("h3",{id:"cluster"},"Cluster"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'apiVersion: fleet.cattle.io/v1alpha1\nkind: Cluster\nmetadata:\n name: my-cluster\n namespace: clusters\n labels:\n demo: "true"\n env: dev\nspec:\n kubeConfigSecret: my-cluster-kubeconfig\n')))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8795],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),s=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=s(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,i=e.originalType,l=e.parentName,u=c(e,["components","mdxType","originalType","parentName"]),d=s(n),m=a,g=d["".concat(l,".").concat(m)]||d[m]||p[m]||i;return n?r.createElement(g,o(o({ref:t},u),{},{components:n})):r.createElement(g,o({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=n.length,o=new Array(i);o[0]=d;var c={};for(var l in t)hasOwnProperty.call(t,l)&&(c[l]=t[l]);c.originalType=e,c.mdxType="string"==typeof e?e:a,o[1]=c;for(var s=2;s{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>c,toc:()=>s});var r=n(7462),a=(n(7294),n(3905));const i={},o="Manager Initiated",c={unversionedId:"manager-initiated",id:"version-0.5/manager-initiated",title:"Manager Initiated",description:"Refer to the overview page for a background information on the manager initiated registration style.",source:"@site/versioned_docs/version-0.5/manager-initiated.md",sourceDirName:".",slug:"/manager-initiated",permalink:"/0.5/manager-initiated",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/manager-initiated.md",tags:[],version:"0.5",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Agent Initiated",permalink:"/0.5/agent-initiated"},next:{title:"Cluster Groups",permalink:"/0.5/cluster-group"}},l={},s=[{value:"Kubeconfig Secret",id:"kubeconfig-secret",level:2},{value:"Example",id:"example",level:2},{value:"Kubeconfig Secret",id:"kubeconfig-secret-1",level:3},{value:"Cluster",id:"cluster",level:3}],u={toc:s};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"manager-initiated"},"Manager Initiated"),(0,a.kt)("p",null,"Refer to the ",(0,a.kt)("a",{parentName:"p",href:"/0.5/cluster-overview#agent-initiated-registration"},"overview page")," for a background information on the manager initiated registration style."),(0,a.kt)("h2",{id:"kubeconfig-secret"},"Kubeconfig Secret"),(0,a.kt)("p",null,"The manager initiated registration flow is accomplished by creating a\n",(0,a.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet Manager that refers to a Kubernetes\n",(0,a.kt)("inlineCode",{parentName:"p"},"Secret")," containing a valid kubeconfig file in the data field called ",(0,a.kt)("inlineCode",{parentName:"p"},"value"),"."),(0,a.kt)("p",null,"The format of this secret is intended to match the ",(0,a.kt)("a",{parentName:"p",href:"https://cluster-api.sigs.k8s.io/developer/architecture/controllers/cluster.html#secrets"},"format"),"\nof the kubeconfig\nsecret used in ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),".\nThis means you can use ",(0,a.kt)("inlineCode",{parentName:"p"},"cluster-api")," to create a cluster that is dynamically\nregistered with Fleet."),(0,a.kt)("h2",{id:"example"},"Example"),(0,a.kt)("h3",{id:"kubeconfig-secret-1"},"Kubeconfig Secret"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: Secret\napiVersion: v1\nmetadata:\n name: my-cluster-kubeconfig\n namespace: clusters\ndata:\n value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==\n")),(0,a.kt)("h3",{id:"cluster"},"Cluster"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'apiVersion: fleet.cattle.io/v1alpha1\nkind: Cluster\nmetadata:\n name: my-cluster\n namespace: clusters\n labels:\n demo: "true"\n env: dev\nspec:\n kubeConfigSecret: my-cluster-kubeconfig\n')))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/14d8290d.17db2b17.js b/assets/js/14d8290d.842dcd90.js similarity index 97% rename from assets/js/14d8290d.17db2b17.js rename to assets/js/14d8290d.842dcd90.js index 0ee5936a6..fdfc44a05 100644 --- a/assets/js/14d8290d.17db2b17.js +++ b/assets/js/14d8290d.842dcd90.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8763],{3905:(e,t,n)=>{n.d(t,{Zo:()=>l,kt:()=>m});var r=n(7294);function o(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function c(e){for(var t=1;t=0||(o[n]=e[n]);return o}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}var s=r.createContext({}),p=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):c(c({},t),e)),n},l=function(e){var t=p(e.components);return r.createElement(s.Provider,{value:t},e.children)},f={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,o=e.mdxType,a=e.originalType,s=e.parentName,l=i(e,["components","mdxType","originalType","parentName"]),u=p(n),m=o,d=u["".concat(s,".").concat(m)]||u[m]||f[m]||a;return n?r.createElement(d,c(c({ref:t},l),{},{components:n})):r.createElement(d,c({ref:t},l))}));function m(e,t){var n=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var a=n.length,c=new Array(a);c[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:o,c[1]=i;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>c,default:()=>f,frontMatter:()=>a,metadata:()=>i,toc:()=>p});var r=n(7462),o=(n(7294),n(3905));const a={},c="Components",i={unversionedId:"ref-components",id:"ref-components",title:"Components",description:"An overview of the components and how they interact on a high level.",source:"@site/docs/ref-components.md",sourceDirName:".",slug:"/ref-components",permalink:"/ref-components",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-components.md",tags:[],version:"current",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Bundle Rendering Stages",permalink:"/ref-bundle-stages"},next:{title:"Namespaces",permalink:"/ref-namespaces"}},s={},p=[],l={toc:p};function f(e){let{components:t,...a}=e;return(0,o.kt)("wrapper",(0,r.Z)({},l,a,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"components"},"Components"),(0,o.kt)("p",null,"An overview of the components and how they interact on a high level."),(0,o.kt)("p",null,(0,o.kt)("img",{alt:"Components",src:n(1913).Z,width:"1320",height:"1280"})))}f.isMDXComponent=!0},1913:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/FleetComponents-c8df42a6b4b21b11f1bba2a2d6a75cce.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8763],{3905:(e,t,n)=>{n.d(t,{Zo:()=>l,kt:()=>m});var r=n(7294);function o(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function c(e){for(var t=1;t=0||(o[n]=e[n]);return o}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}var s=r.createContext({}),p=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):c(c({},t),e)),n},l=function(e){var t=p(e.components);return r.createElement(s.Provider,{value:t},e.children)},f={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,o=e.mdxType,a=e.originalType,s=e.parentName,l=i(e,["components","mdxType","originalType","parentName"]),u=p(n),m=o,d=u["".concat(s,".").concat(m)]||u[m]||f[m]||a;return n?r.createElement(d,c(c({ref:t},l),{},{components:n})):r.createElement(d,c({ref:t},l))}));function m(e,t){var n=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var a=n.length,c=new Array(a);c[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:o,c[1]=i;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>c,default:()=>f,frontMatter:()=>a,metadata:()=>i,toc:()=>p});var r=n(7462),o=(n(7294),n(3905));const a={},c="Components",i={unversionedId:"ref-components",id:"ref-components",title:"Components",description:"An overview of the components and how they interact on a high level.",source:"@site/docs/ref-components.md",sourceDirName:".",slug:"/ref-components",permalink:"/ref-components",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-components.md",tags:[],version:"current",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Bundle Rendering Stages",permalink:"/ref-bundle-stages"},next:{title:"Namespaces",permalink:"/ref-namespaces"}},s={},p=[],l={toc:p};function f(e){let{components:t,...a}=e;return(0,o.kt)("wrapper",(0,r.Z)({},l,a,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"components"},"Components"),(0,o.kt)("p",null,"An overview of the components and how they interact on a high level."),(0,o.kt)("p",null,(0,o.kt)("img",{alt:"Components",src:n(1913).Z,width:"1320",height:"1280"})))}f.isMDXComponent=!0},1913:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/FleetComponents-c8df42a6b4b21b11f1bba2a2d6a75cce.svg"}}]); \ No newline at end of file diff --git a/assets/js/1f14308a.570e88e1.js b/assets/js/1f14308a.c9b36535.js similarity index 98% rename from assets/js/1f14308a.570e88e1.js rename to assets/js/1f14308a.c9b36535.js index 6bfa298cb..59a202a6e 100644 --- a/assets/js/1f14308a.570e88e1.js +++ b/assets/js/1f14308a.c9b36535.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4728],{3905:(e,t,n)=>{n.d(t,{Zo:()=>m,kt:()=>u});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),c=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},m=function(e){var t=c(e.components);return a.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,o=e.originalType,l=e.parentName,m=s(e,["components","mdxType","originalType","parentName"]),d=c(n),u=r,g=d["".concat(l,".").concat(u)]||d[u]||p[u]||o;return n?a.createElement(g,i(i({ref:t},m),{},{components:n})):a.createElement(g,i({ref:t},m))}));function u(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var a=n(7462),r=(n(7294),n(3905));const o={},i="Image scan",s={unversionedId:"imagescan",id:"version-0.5/imagescan",title:"Image scan",description:"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,",source:"@site/versioned_docs/version-0.5/imagescan.md",sourceDirName:".",slug:"/imagescan",permalink:"/0.5/imagescan",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/imagescan.md",tags:[],version:"0.5",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Webhook",permalink:"/0.5/webhook"},next:{title:"Cluster and Bundle state",permalink:"/0.5/cluster-bundles-state"}},l={},c=[],m={toc:c};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},m,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"image-scan"},"Image scan"),(0,r.kt)("p",null,"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,\nwithout the need to manually update your manifests."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"This feature is considered as experimental feature.")),(0,r.kt)("p",null,"Go to ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and add the following section."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'imageScans:\n# specify the policy to retrieve images, can be semver or alphabetical order \n- policy: \n # if range is specified, it will take the latest image according to semver order in the range\n # for more details on how to use semver, see https://github.com/Masterminds/semver\n semver: \n range: "*" \n # can use ascending or descending order\n alphabetical:\n order: asc \n\n # specify images to scan\n image: "your.registry.com/repo/image" \n\n # Specify the tag name, it has to be unique in the same bundle\n tagName: test-scan\n\n # specify secret to pull image if in private registry\n secretRef:\n name: dockerhub-secret \n\n # Specify the scan interval\n interval: 5m \n')),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can create multiple image scans in fleet.yaml.")),(0,r.kt)("p",null,"Go to your manifest files and update the field that you want to replace. For example:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: redis-slave\nspec:\n selector:\n matchLabels:\n app: redis\n role: slave\n tier: backend\n replicas: 2\n template:\n metadata:\n labels:\n app: redis\n role: slave\n tier: backend\n spec:\n containers:\n - name: slave\n image: : # {"$imagescan": "test-scan"}\n resources:\n requests:\n cpu: 100m\n memory: 100Mi\n ports:\n - containerPort: 6379\n')),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"There are multiple form of tagName you can reference. For example"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan"}'),": Use full image name(foo/bar:tag)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:name"}'),": Only use image name without tag(foo/bar)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:tag"}'),": Only use image tag"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:digest"}'),": Use full image name with digest(foo/bar:",(0,r.kt)("a",{parentName:"p",href:"mailto:tag@sha256..."},"tag@sha256..."),")")),(0,r.kt)("p",null,"Create a GitRepo that includes your fleet.yaml"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-repo\n namespace: fleet-local\nspec:\n # change this to be your own repo\n repo: https://github.com/rancher/fleet-examples \n # define how long it will sync all the images and decide to apply change\n imageScanInterval: 5m \n # user must properly provide a secret that have write access to git repository\n clientSecretName: secret \n # specify the commit pattern\n imageScanCommit:\n authorName: foo\n authorEmail: foo@bar.com\n messageTemplate: "update image"\n')),(0,r.kt)("p",null,"Try pushing a new image tag, for example, ",(0,r.kt)("inlineCode",{parentName:"p"},":"),". Wait for a while and there should be a new commit pushed into your git repository to change tag in deployment.yaml.\nOnce change is made into git repository, fleet will read through the change and deploy the change into your cluster."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4728],{3905:(e,t,n)=>{n.d(t,{Zo:()=>m,kt:()=>u});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),c=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},m=function(e){var t=c(e.components);return a.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,o=e.originalType,l=e.parentName,m=s(e,["components","mdxType","originalType","parentName"]),d=c(n),u=r,g=d["".concat(l,".").concat(u)]||d[u]||p[u]||o;return n?a.createElement(g,i(i({ref:t},m),{},{components:n})):a.createElement(g,i({ref:t},m))}));function u(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var a=n(7462),r=(n(7294),n(3905));const o={},i="Image scan",s={unversionedId:"imagescan",id:"version-0.5/imagescan",title:"Image scan",description:"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,",source:"@site/versioned_docs/version-0.5/imagescan.md",sourceDirName:".",slug:"/imagescan",permalink:"/0.5/imagescan",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/imagescan.md",tags:[],version:"0.5",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Webhook",permalink:"/0.5/webhook"},next:{title:"Cluster and Bundle state",permalink:"/0.5/cluster-bundles-state"}},l={},c=[],m={toc:c};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},m,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"image-scan"},"Image scan"),(0,r.kt)("p",null,"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,\nwithout the need to manually update your manifests."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"This feature is considered as experimental feature.")),(0,r.kt)("p",null,"Go to ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and add the following section."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'imageScans:\n# specify the policy to retrieve images, can be semver or alphabetical order \n- policy: \n # if range is specified, it will take the latest image according to semver order in the range\n # for more details on how to use semver, see https://github.com/Masterminds/semver\n semver: \n range: "*" \n # can use ascending or descending order\n alphabetical:\n order: asc \n\n # specify images to scan\n image: "your.registry.com/repo/image" \n\n # Specify the tag name, it has to be unique in the same bundle\n tagName: test-scan\n\n # specify secret to pull image if in private registry\n secretRef:\n name: dockerhub-secret \n\n # Specify the scan interval\n interval: 5m \n')),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can create multiple image scans in fleet.yaml.")),(0,r.kt)("p",null,"Go to your manifest files and update the field that you want to replace. For example:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: redis-slave\nspec:\n selector:\n matchLabels:\n app: redis\n role: slave\n tier: backend\n replicas: 2\n template:\n metadata:\n labels:\n app: redis\n role: slave\n tier: backend\n spec:\n containers:\n - name: slave\n image: : # {"$imagescan": "test-scan"}\n resources:\n requests:\n cpu: 100m\n memory: 100Mi\n ports:\n - containerPort: 6379\n')),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"There are multiple form of tagName you can reference. For example"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan"}'),": Use full image name(foo/bar:tag)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:name"}'),": Only use image name without tag(foo/bar)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:tag"}'),": Only use image tag"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:digest"}'),": Use full image name with digest(foo/bar:",(0,r.kt)("a",{parentName:"p",href:"mailto:tag@sha256..."},"tag@sha256..."),")")),(0,r.kt)("p",null,"Create a GitRepo that includes your fleet.yaml"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-repo\n namespace: fleet-local\nspec:\n # change this to be your own repo\n repo: https://github.com/rancher/fleet-examples \n # define how long it will sync all the images and decide to apply change\n imageScanInterval: 5m \n # user must properly provide a secret that have write access to git repository\n clientSecretName: secret \n # specify the commit pattern\n imageScanCommit:\n authorName: foo\n authorEmail: foo@bar.com\n messageTemplate: "update image"\n')),(0,r.kt)("p",null,"Try pushing a new image tag, for example, ",(0,r.kt)("inlineCode",{parentName:"p"},":"),". Wait for a while and there should be a new commit pushed into your git repository to change tag in deployment.yaml.\nOnce change is made into git repository, fleet will read through the change and deploy the change into your cluster."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/1fec2b35.74752462.js b/assets/js/1fec2b35.77a3fb5a.js similarity index 97% rename from assets/js/1fec2b35.74752462.js rename to assets/js/1fec2b35.77a3fb5a.js index 11cd8d844..eaae0d623 100644 --- a/assets/js/1fec2b35.74752462.js +++ b/assets/js/1fec2b35.77a3fb5a.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3325],{3905:(e,t,n)=>{n.d(t,{Zo:()=>i,kt:()=>f});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var u=r.createContext({}),d=function(e){var t=r.useContext(u),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},i=function(e){var t=d(e.components);return r.createElement(u.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},c=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,u=e.parentName,i=o(e,["components","mdxType","originalType","parentName"]),c=d(n),f=a,m=c["".concat(u,".").concat(f)]||c[f]||p[f]||l;return n?r.createElement(m,s(s({ref:t},i),{},{components:n})):r.createElement(m,s({ref:t},i))}));function f(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,s=new Array(l);s[0]=c;var o={};for(var u in t)hasOwnProperty.call(t,u)&&(o[u]=t[u]);o.originalType=e,o.mdxType="string"==typeof e?e:a,s[1]=o;for(var d=2;d{n.r(t),n.d(t,{assets:()=>u,contentTitle:()=>s,default:()=>p,frontMatter:()=>l,metadata:()=>o,toc:()=>d});var r=n(7462),a=(n(7294),n(3905));const l={},s="Cluster and Bundle state",o={unversionedId:"cluster-bundles-state",id:"version-0.4/cluster-bundles-state",title:"Cluster and Bundle state",description:"Clusters and Bundles have different states in each phase of applying Bundles.",source:"@site/versioned_docs/version-0.4/cluster-bundles-state.md",sourceDirName:".",slug:"/cluster-bundles-state",permalink:"/0.4/cluster-bundles-state",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/cluster-bundles-state.md",tags:[],version:"0.4",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Image scan",permalink:"/0.4/imagescan"},next:{title:"Troubleshooting",permalink:"/0.4/troubleshooting"}},u={},d=[{value:"Bundles",id:"bundles",level:2},{value:"Clusters",id:"clusters",level:2}],i={toc:d};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},i,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-and-bundle-state"},"Cluster and Bundle state"),(0,a.kt)("p",null,"Clusters and Bundles have different states in each phase of applying Bundles."),(0,a.kt)("h2",{id:"bundles"},"Bundles"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles have been deployed and all resources are ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": Bundles have been deployed and some resources are not ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": Bundles are being processed by Fleet controller."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository."),(0,a.kt)("h2",{id:"clusters"},"Clusters"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn"),": Waiting for agent to report registration information and cluster status back."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": There are bundles in this cluster that are in NotReady state. "),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": There are bundles in this cluster that are in WaitApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": There are bundles in this cluster that are in ErrApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": There are bundles in this cluster that are in OutOfSync state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": There are bundles in this cluster that are in Pending state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": There are bundles in this cluster that are in Modified state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles in this cluster have been deployed and all resources are ready."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3325],{3905:(e,t,n)=>{n.d(t,{Zo:()=>i,kt:()=>f});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var u=r.createContext({}),d=function(e){var t=r.useContext(u),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},i=function(e){var t=d(e.components);return r.createElement(u.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},c=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,u=e.parentName,i=o(e,["components","mdxType","originalType","parentName"]),c=d(n),f=a,m=c["".concat(u,".").concat(f)]||c[f]||p[f]||l;return n?r.createElement(m,s(s({ref:t},i),{},{components:n})):r.createElement(m,s({ref:t},i))}));function f(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,s=new Array(l);s[0]=c;var o={};for(var u in t)hasOwnProperty.call(t,u)&&(o[u]=t[u]);o.originalType=e,o.mdxType="string"==typeof e?e:a,s[1]=o;for(var d=2;d{n.r(t),n.d(t,{assets:()=>u,contentTitle:()=>s,default:()=>p,frontMatter:()=>l,metadata:()=>o,toc:()=>d});var r=n(7462),a=(n(7294),n(3905));const l={},s="Cluster and Bundle state",o={unversionedId:"cluster-bundles-state",id:"version-0.4/cluster-bundles-state",title:"Cluster and Bundle state",description:"Clusters and Bundles have different states in each phase of applying Bundles.",source:"@site/versioned_docs/version-0.4/cluster-bundles-state.md",sourceDirName:".",slug:"/cluster-bundles-state",permalink:"/0.4/cluster-bundles-state",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/cluster-bundles-state.md",tags:[],version:"0.4",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Image scan",permalink:"/0.4/imagescan"},next:{title:"Troubleshooting",permalink:"/0.4/troubleshooting"}},u={},d=[{value:"Bundles",id:"bundles",level:2},{value:"Clusters",id:"clusters",level:2}],i={toc:d};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},i,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-and-bundle-state"},"Cluster and Bundle state"),(0,a.kt)("p",null,"Clusters and Bundles have different states in each phase of applying Bundles."),(0,a.kt)("h2",{id:"bundles"},"Bundles"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles have been deployed and all resources are ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": Bundles have been deployed and some resources are not ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": Bundles are being processed by Fleet controller."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository."),(0,a.kt)("h2",{id:"clusters"},"Clusters"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn"),": Waiting for agent to report registration information and cluster status back."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": There are bundles in this cluster that are in NotReady state. "),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": There are bundles in this cluster that are in WaitApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": There are bundles in this cluster that are in ErrApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": There are bundles in this cluster that are in OutOfSync state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": There are bundles in this cluster that are in Pending state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": There are bundles in this cluster that are in Modified state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles in this cluster have been deployed and all resources are ready."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/22b369d5.549df8fe.js b/assets/js/22b369d5.e8c002d5.js similarity index 97% rename from assets/js/22b369d5.549df8fe.js rename to assets/js/22b369d5.e8c002d5.js index 83b275d01..f6115609a 100644 --- a/assets/js/22b369d5.549df8fe.js +++ b/assets/js/22b369d5.e8c002d5.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7539],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},f=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,s=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),f=c(n),m=l,d=f["".concat(s,".").concat(m)]||f[m]||p[m]||a;return n?r.createElement(d,o(o({ref:t},u),{},{components:n})):r.createElement(d,o({ref:t},u))}));function m(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=f;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>p,frontMatter:()=>a,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const a={},o="Uninstall",i={unversionedId:"uninstall",id:"version-0.4/uninstall",title:"Uninstall",description:"Fleet is packaged as two Helm charts so uninstall is accomplished by",source:"@site/versioned_docs/version-0.4/uninstall.md",sourceDirName:".",slug:"/uninstall",permalink:"/0.4/uninstall",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/uninstall.md",tags:[],version:"0.4",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Multi-cluster Install",permalink:"/0.4/multi-cluster-install"}},s={},c=[],u={toc:c};function p(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"uninstall"},"Uninstall"),(0,l.kt)("p",null,"Fleet is packaged as two Helm charts so uninstall is accomplished by\nuninstalling the appropriate Helm charts. To uninstall Fleet run the following\ntwo commands:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system uninstall fleet\nhelm -n cattle-fleet-system uninstall fleet-crd\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7539],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},f=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,s=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),f=c(n),m=l,d=f["".concat(s,".").concat(m)]||f[m]||p[m]||a;return n?r.createElement(d,o(o({ref:t},u),{},{components:n})):r.createElement(d,o({ref:t},u))}));function m(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=f;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>p,frontMatter:()=>a,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const a={},o="Uninstall",i={unversionedId:"uninstall",id:"version-0.4/uninstall",title:"Uninstall",description:"Fleet is packaged as two Helm charts so uninstall is accomplished by",source:"@site/versioned_docs/version-0.4/uninstall.md",sourceDirName:".",slug:"/uninstall",permalink:"/0.4/uninstall",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/uninstall.md",tags:[],version:"0.4",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Multi-cluster Install",permalink:"/0.4/multi-cluster-install"}},s={},c=[],u={toc:c};function p(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"uninstall"},"Uninstall"),(0,l.kt)("p",null,"Fleet is packaged as two Helm charts so uninstall is accomplished by\nuninstalling the appropriate Helm charts. To uninstall Fleet run the following\ntwo commands:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system uninstall fleet\nhelm -n cattle-fleet-system uninstall fleet-crd\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/26326ef3.f5f24ec7.js b/assets/js/26326ef3.e884bef2.js similarity index 97% rename from assets/js/26326ef3.f5f24ec7.js rename to assets/js/26326ef3.e884bef2.js index 502876df7..8649bd116 100644 --- a/assets/js/26326ef3.f5f24ec7.js +++ b/assets/js/26326ef3.e884bef2.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4236],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>g});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function i(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var l=n.createContext({}),c=function(e){var t=n.useContext(l),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},u=function(e){var t=c(e.components);return n.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,i=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(r),g=a,m=d["".concat(l,".").concat(g)]||d[g]||p[g]||i;return r?n.createElement(m,o(o({ref:t},u),{},{components:r})):n.createElement(m,o({ref:t},u))}));function g(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=r.length,o=new Array(i);o[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,o[1]=s;for(var c=2;c{r.r(t),r.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>s,toc:()=>c});var n=r(7462),a=(r(7294),r(3905));const i={},o="Overview",s={unversionedId:"cluster-overview",id:"cluster-overview",title:"Overview",description:"There are two specific styles to registering clusters. These styles will be referred",source:"@site/docs/cluster-overview.md",sourceDirName:".",slug:"/cluster-overview",permalink:"/cluster-overview",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cluster-overview.md",tags:[],version:"current",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Examples",permalink:"/examples"},next:{title:"Cluster Registration Tokens",permalink:"/cluster-tokens"}},l={},c=[{value:"Agent Initiated Registration",id:"agent-initiated-registration",level:2},{value:"Manager Initiated Registration",id:"manager-initiated-registration",level:2}],u={toc:c};function p(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},u,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"overview"},"Overview"),(0,a.kt)("p",null,"There are two specific styles to registering clusters. These styles will be referred\nto as ",(0,a.kt)("strong",{parentName:"p"},"agent initiated")," and ",(0,a.kt)("strong",{parentName:"p"},"manager initiated")," registration. Typically one would\ngo with the agent initiated registration but there are specific use cases in which\nmanager initiated is a better workflow."),(0,a.kt)("h2",{id:"agent-initiated-registration"},"Agent Initiated Registration"),(0,a.kt)("p",null,"Agent initiated refers to a pattern in which the downstream cluster installs an agent with a\n",(0,a.kt)("a",{parentName:"p",href:"/cluster-tokens"},"cluster registration token")," and optionally a client ID. The cluster\nagent will then make a API request to the Fleet manager and initiate the registration process. Using\nthis process the Manager will never make an outbound API request to the downstream clusters and will thus\nnever need to have direct network access. The downstream cluster only needs to make outbound HTTPS\ncalls to the manager."),(0,a.kt)("h2",{id:"manager-initiated-registration"},"Manager Initiated Registration"),(0,a.kt)("p",null,"Manager initiated registration is a process in which you register an existing Kubernetes cluster\nwith the Fleet manager and the Fleet manager will make an API call to the downstream cluster to\ndeploy the agent. This style can place additional network access requirements because the Fleet\nmanager must be able to communicate with the downstream cluster API server for the registration process.\nAfter the cluster is registered there is no further need for the manager to contact the downstream\ncluster API. This style is more compatible if you wish to manage the creation of all your Kubernetes\nclusters through GitOps using something like ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),"\nor ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/rancher"},"Rancher"),"."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4236],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>g});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function i(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var l=n.createContext({}),c=function(e){var t=n.useContext(l),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},u=function(e){var t=c(e.components);return n.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,i=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(r),g=a,m=d["".concat(l,".").concat(g)]||d[g]||p[g]||i;return r?n.createElement(m,o(o({ref:t},u),{},{components:r})):n.createElement(m,o({ref:t},u))}));function g(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=r.length,o=new Array(i);o[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,o[1]=s;for(var c=2;c{r.r(t),r.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>s,toc:()=>c});var n=r(7462),a=(r(7294),r(3905));const i={},o="Overview",s={unversionedId:"cluster-overview",id:"cluster-overview",title:"Overview",description:"There are two specific styles to registering clusters. These styles will be referred",source:"@site/docs/cluster-overview.md",sourceDirName:".",slug:"/cluster-overview",permalink:"/cluster-overview",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cluster-overview.md",tags:[],version:"current",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Examples",permalink:"/examples"},next:{title:"Cluster Registration Tokens",permalink:"/cluster-tokens"}},l={},c=[{value:"Agent Initiated Registration",id:"agent-initiated-registration",level:2},{value:"Manager Initiated Registration",id:"manager-initiated-registration",level:2}],u={toc:c};function p(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},u,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"overview"},"Overview"),(0,a.kt)("p",null,"There are two specific styles to registering clusters. These styles will be referred\nto as ",(0,a.kt)("strong",{parentName:"p"},"agent initiated")," and ",(0,a.kt)("strong",{parentName:"p"},"manager initiated")," registration. Typically one would\ngo with the agent initiated registration but there are specific use cases in which\nmanager initiated is a better workflow."),(0,a.kt)("h2",{id:"agent-initiated-registration"},"Agent Initiated Registration"),(0,a.kt)("p",null,"Agent initiated refers to a pattern in which the downstream cluster installs an agent with a\n",(0,a.kt)("a",{parentName:"p",href:"/cluster-tokens"},"cluster registration token")," and optionally a client ID. The cluster\nagent will then make a API request to the Fleet manager and initiate the registration process. Using\nthis process the Manager will never make an outbound API request to the downstream clusters and will thus\nnever need to have direct network access. The downstream cluster only needs to make outbound HTTPS\ncalls to the manager."),(0,a.kt)("h2",{id:"manager-initiated-registration"},"Manager Initiated Registration"),(0,a.kt)("p",null,"Manager initiated registration is a process in which you register an existing Kubernetes cluster\nwith the Fleet manager and the Fleet manager will make an API call to the downstream cluster to\ndeploy the agent. This style can place additional network access requirements because the Fleet\nmanager must be able to communicate with the downstream cluster API server for the registration process.\nAfter the cluster is registered there is no further need for the manager to contact the downstream\ncluster API. This style is more compatible if you wish to manage the creation of all your Kubernetes\nclusters through GitOps using something like ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),"\nor ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/rancher"},"Rancher"),"."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/2d618eff.a4d1dce8.js b/assets/js/2d618eff.f92010c4.js similarity index 99% rename from assets/js/2d618eff.a4d1dce8.js rename to assets/js/2d618eff.f92010c4.js index 4ef56de74..facc9d339 100644 --- a/assets/js/2d618eff.a4d1dce8.js +++ b/assets/js/2d618eff.f92010c4.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7224],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>u});var o=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);t&&(o=o.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,o)}return n}function r(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(o=0;o=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=o.createContext({}),c=function(e){var t=o.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):r(r({},t),e)),n},p=function(e){var t=c(e.components);return o.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return o.createElement(o.Fragment,{},t)}},h=o.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),h=c(n),u=a,m=h["".concat(s,".").concat(u)]||h[u]||d[u]||l;return n?o.createElement(m,r(r({ref:t},p),{},{components:n})):o.createElement(m,r({ref:t},p))}));function u(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,r=new Array(l);r[0]=h;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,r[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>r,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>c});var o=n(7462),a=(n(7294),n(3905));const l={},r="Troubleshooting",i={unversionedId:"troubleshooting",id:"version-0.4/troubleshooting",title:"Troubleshooting",description:"This section contains commands and tips to troubleshoot Fleet.",source:"@site/versioned_docs/version-0.4/troubleshooting.md",sourceDirName:".",slug:"/troubleshooting",permalink:"/0.4/troubleshooting",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/troubleshooting.md",tags:[],version:"0.4",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster and Bundle state",permalink:"/0.4/cluster-bundles-state"},next:{title:"Advanced Users",permalink:"/0.4/advanced-users"}},s={},c=[{value:"How Do I...",id:"how-do-i",level:2},{value:"Fetch the log from fleet-controller?",id:"fetch-the-log-from-fleet-controller",level:3},{value:"Fetch the log from the fleet-agent?",id:"fetch-the-log-from-the-fleet-agent",level:3},{value:"Fetch detailed error logs from GitRepos and Bundles?",id:"fetch-detailed-error-logs-from-gitrepos-and-bundles",level:3},{value:"Check a chart rendering error in Kustomize?",id:"check-a-chart-rendering-error-in-kustomize",level:3},{value:"Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?",id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml",level:3},{value:"Check the status of the fleet-controller?",id:"check-the-status-of-the-fleet-controller",level:3},{value:"Migrate the local cluster to the Fleet default cluster?",id:"migrate-the-local-cluster-to-the-fleet-default-cluster",level:3},{value:"Enable debug logging for fleet-controller and fleet-agent?",id:"enable-debug-logging-for-fleet-controller-and-fleet-agent",level:3},{value:"Additional Solutions for Other Fleet Issues",id:"additional-solutions-for-other-fleet-issues",level:2},{value:"Naming conventions for CRDs",id:"naming-conventions-for-crds",level:3},{value:"HTTP secrets in Github",id:"http-secrets-in-github",level:3},{value:"Fleet fails with bad response code: 403",id:"fleet-fails-with-bad-response-code-403",level:3},{value:"Helm chart repo: certificate signed by unknown authority",id:"helm-chart-repo-certificate-signed-by-unknown-authority",level:3},{value:"Fleet deployment stuck in modified state",id:"fleet-deployment-stuck-in-modified-state",level:3},{value:"GitRepo or Bundle stuck in modified state",id:"gitrepo-or-bundle-stuck-in-modified-state",level:3},{value:"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state",id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state",level:3},{value:"What if the cluster is unavailable, or is in a WaitCheckIn state?",id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state",level:3},{value:"GitRepo complains with gzip: invalid header",id:"gitrepo-complains-with-gzip-invalid-header",level:3}],p={toc:c};function d(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,o.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"troubleshooting"},"Troubleshooting"),(0,a.kt)("p",null,"This section contains commands and tips to troubleshoot Fleet."),(0,a.kt)("h2",{id:"how-do-i"},(0,a.kt)("strong",{parentName:"h2"},"How Do I...")),(0,a.kt)("h3",{id:"fetch-the-log-from-fleet-controller"},"Fetch the log from ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"In the local management cluster where the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is deployed, run the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -l app=fleet-controller -n cattle-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-the-log-from-the-fleet-agent"},"Fetch the log from the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Go to each downstream cluster and run the following command for the local cluster with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"# Downstream cluster\n$ kubectl logs -l app=fleet-agent -n cattle-fleet-system\n# Local cluster\n$ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-detailed-error-logs-from-gitrepos-and-bundles"},"Fetch detailed error logs from ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepos")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundles"),"?"),(0,a.kt)("p",null,"Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"For more information about the bundle, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"bundle"),", and the YAML mode will be enabled. "),(0,a.kt)("li",{parentName:"ul"},"For more information about the GitRepo, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),", then click on ",(0,a.kt)("inlineCode",{parentName:"li"},"View Yaml")," in the upper right of the screen. After viewing the YAML, check ",(0,a.kt)("inlineCode",{parentName:"li"},"status.conditions"),"; a detailed error message should be displayed here."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," for synching errors."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," log in the downstream cluster if you encounter issues when deploying the bundle.")),(0,a.kt)("h3",{id:"check-a-chart-rendering-error-in-kustomize"},"Check a chart rendering error in ",(0,a.kt)("inlineCode",{parentName:"h3"},"Kustomize"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.4/troubleshooting#fetch-the-log-from-fleet-controller"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-controller")," logs")," and the ",(0,a.kt)("a",{parentName:"p",href:"/0.4/troubleshooting#fetch-the-log-from-the-fleet-agent"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-agent")," logs"),"."),(0,a.kt)("h3",{id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml"},"Check errors about watching or checking out the ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo"),", or about the downloaded Helm repo in ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet.yaml"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob-controller")," logs using the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system\n")),(0,a.kt)("p",null,"Note that there are two containers inside the pod: the ",(0,a.kt)("inlineCode",{parentName:"p"},"step-git-source")," container that clones the git repo, and the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet")," container that applies bundles based on the git repo. "),(0,a.kt)("p",null,"The pods will usually have images named ",(0,a.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," with the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepo")," name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepoName")," pod name and namespace:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitRepoName-pod-name -n namespace\n")),(0,a.kt)("h3",{id:"check-the-status-of-the-fleet-controller"},"Check the status of the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"You can check the status of the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pods by running the commands below:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,a.kt)("h3",{id:"migrate-the-local-cluster-to-the-fleet-default-cluster"},"Migrate the local cluster to the Fleet default cluster?"),(0,a.kt)("p",null,"For users who want to deploy to the local cluster as well, they may move the cluster from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-local")," to ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-default")," in the Rancher UI as follows:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"To get to Fleet in Rancher, click \u2630 > Continuous Delivery."),(0,a.kt)("li",{parentName:"ul"},"Under the ",(0,a.kt)("strong",{parentName:"li"},"Clusters")," menu, select the ",(0,a.kt)("strong",{parentName:"li"},"local")," cluster by checking the box to the left."),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},"Assign to")," from the tabs above the cluster."),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"strong"},"fleet-default"))," from the ",(0,a.kt)("strong",{parentName:"li"},"Assign Cluster To")," dropdown.")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Result"),": The cluster will be migrated to ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-default"),"."),(0,a.kt)("h3",{id:"enable-debug-logging-for-fleet-controller-and-fleet-agent"},"Enable debug logging for ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added."),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Go to the ",(0,a.kt)("strong",{parentName:"li"},"Dashboard"),", then click on the ",(0,a.kt)("strong",{parentName:"li"},"local cluster")," in the left navigation menu "),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},"Apps & Marketplace"),", then ",(0,a.kt)("strong",{parentName:"li"},"Installed Apps")," from the dropdown "),(0,a.kt)("li",{parentName:"ul"},"From there, you will upgrade the Fleet chart with the value ",(0,a.kt)("inlineCode",{parentName:"li"},"debug=true"),". You can also set ",(0,a.kt)("inlineCode",{parentName:"li"},"debugLevel=5")," if desired.")),(0,a.kt)("h2",{id:"additional-solutions-for-other-fleet-issues"},(0,a.kt)("strong",{parentName:"h2"},"Additional Solutions for Other Fleet Issues")),(0,a.kt)("h3",{id:"naming-conventions-for-crds"},"Naming conventions for CRDs"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"For CRD terms like ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters")," and ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepos"),", you must reference the full CRD name. For example, the cluster CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"cluster.fleet.cattle.io"),", and the gitrepo CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo.fleet.cattle.io"),".")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"Bundles"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$gitrepoName-$path")," in the same workspace/namespace where the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," was created. Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$path")," is the path directory in the git repository that contains the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle")," (",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml"),").")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployments"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$bundleName-$clusterName")," in the namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters-$workspace-$cluster-$generateHash"),". Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$clusterName")," is the cluster to which the bundle will be deployed."))),(0,a.kt)("h3",{id:"http-secrets-in-github"},"HTTP secrets in Github"),(0,a.kt)("p",null,"When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"Create a ",(0,a.kt)("a",{parentName:"li",href:"https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token"},"personal access token")," in Github."),(0,a.kt)("li",{parentName:"ol"},"In Rancher, create an HTTP ",(0,a.kt)("a",{parentName:"li",href:"https://rancher.com/docs/rancher/v2.6/en/k8s-in-rancher/secrets/"},"secret")," with your Github username."),(0,a.kt)("li",{parentName:"ol"},"Use your token as the secret.")),(0,a.kt)("h3",{id:"fleet-fails-with-bad-response-code-403"},"Fleet fails with bad response code: 403"),(0,a.kt)("p",null,"If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your ",(0,a.kt)("a",{parentName:"p",href:"/0.4/gitrepo-structure"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet.yaml")),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"\n')),(0,a.kt)("p",null,"Perform the following steps to assess:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully"),(0,a.kt)("li",{parentName:"ul"},"Check that your credentials for the git repo are valid")),(0,a.kt)("h3",{id:"helm-chart-repo-certificate-signed-by-unknown-authority"},"Helm chart repo: certificate signed by unknown authority"),(0,a.kt)("p",null,"If your GitJob returns the error below, you may have added the wrong certificate chain:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-11T05:55:08Z" level=fatal msg="Get \\"https://helm.intra/virtual-helm/index.yaml\\": x509: certificate signed by unknown authority" \n')),(0,a.kt)("p",null,"Please verify your certificate with the following command:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"context=playground-local\nkubectl get secret -n fleet-default helm-repo -o jsonpath=\"{['data']['cacerts']}\" --context $context | base64 -d | openssl x509 -text -noout\nCertificate:\n Data:\n Version: 3 (0x2)\n Serial Number:\n 7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71\n Signature Algorithm: sha512WithRSAEncryption\n Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3\n...\n\n")),(0,a.kt)("h3",{id:"fleet-deployment-stuck-in-modified-state"},"Fleet deployment stuck in modified state"),(0,a.kt)("p",null,'When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.'),(0,a.kt)("p",null,"To ignore the modified flag for the differences between the Helm install generated by ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and the resource in your cluster, add a ",(0,a.kt)("inlineCode",{parentName:"p"},"diff.comparePatches")," to the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," for your Deployment, as shown in this example:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'defaultNamespace: \nhelm: \n releaseName: \n repo: \n chart: \ndiff: \n comparePatches: \n - apiVersion: apps/v1\n kind: Deployment\n operations:\n - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}\n jsonPointers: # jsonPointers allows to ignore diffs at certain json path\n - "/spec/template/spec/priorityClassName"\n - "/spec/template/spec/tolerations" \n')),(0,a.kt)("p",null,"To determine which operations should be removed, observe the logs from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," on the target cluster. You should see entries similar to the following:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-text"},'level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\\"spec\\":{\\"template\\":{\\"spec\\":{\\"hostNetwork\\":false}}}}"\n')),(0,a.kt)("p",null,"Based on the above log, you can add the following entry to remove the operation:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-json"},'{"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n')),(0,a.kt)("h3",{id:"gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundle")," stuck in modified state"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified")," means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository."),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.4/bundle-diffs"},"bundle diffs documentation")," for more information. ")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"You can also force update the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo")," to perform a manual resync. Select ",(0,a.kt)("strong",{parentName:"p"},"GitRepo")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update"),"."))),(0,a.kt)("h3",{id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state"},"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state"),(0,a.kt)("p",null,"For bundles with an HPA, the expected state is ",(0,a.kt)("inlineCode",{parentName:"p"},"Modified"),", as the bundle contains fields that differ from the state of the Bundle at deployment - usually ",(0,a.kt)("inlineCode",{parentName:"p"},"ReplicaSet"),"."),(0,a.kt)("p",null,"You must define a patch in the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to ignore this field according to ",(0,a.kt)("a",{parentName:"p",href:"#gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"a"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"a"},"Bundle")," stuck in modified state"),"."),(0,a.kt)("p",null,"Here is an example of such a patch for the deployment ",(0,a.kt)("inlineCode",{parentName:"p"},"nginx")," in namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"default"),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: nginx\n namespace: default\n operations:\n - {"op": "remove", "path": "/spec/replicas"}\n')),(0,a.kt)("h3",{id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state"},"What if the cluster is unavailable, or is in a ",(0,a.kt)("inlineCode",{parentName:"h3"},"WaitCheckIn")," state?"),(0,a.kt)("p",null,"You will need to re-import and restart the registration process: Select ",(0,a.kt)("strong",{parentName:"p"},"Cluster")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update")),(0,a.kt)("admonition",{type:"caution"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn status for Rancher v2.5"),":\nThe cluster will show in ",(0,a.kt)("inlineCode",{parentName:"p"},"WaitCheckIn")," status because the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the ",(0,a.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.5/en/installation/other-installation-methods/behind-proxy/install-rancher/#install-rancher"},"Rancher docs"),".")),(0,a.kt)("h3",{id:"gitrepo-complains-with-gzip-invalid-header"},"GitRepo complains with ",(0,a.kt)("inlineCode",{parentName:"h3"},"gzip: invalid header")),(0,a.kt)("p",null,"When you see an error like the one below ..."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-sh"},"Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header\n")),(0,a.kt)("p",null,"... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content."))}d.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7224],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>u});var o=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);t&&(o=o.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,o)}return n}function r(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(o=0;o=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=o.createContext({}),c=function(e){var t=o.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):r(r({},t),e)),n},p=function(e){var t=c(e.components);return o.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return o.createElement(o.Fragment,{},t)}},h=o.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),h=c(n),u=a,m=h["".concat(s,".").concat(u)]||h[u]||d[u]||l;return n?o.createElement(m,r(r({ref:t},p),{},{components:n})):o.createElement(m,r({ref:t},p))}));function u(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,r=new Array(l);r[0]=h;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,r[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>r,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>c});var o=n(7462),a=(n(7294),n(3905));const l={},r="Troubleshooting",i={unversionedId:"troubleshooting",id:"version-0.4/troubleshooting",title:"Troubleshooting",description:"This section contains commands and tips to troubleshoot Fleet.",source:"@site/versioned_docs/version-0.4/troubleshooting.md",sourceDirName:".",slug:"/troubleshooting",permalink:"/0.4/troubleshooting",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/troubleshooting.md",tags:[],version:"0.4",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster and Bundle state",permalink:"/0.4/cluster-bundles-state"},next:{title:"Advanced Users",permalink:"/0.4/advanced-users"}},s={},c=[{value:"How Do I...",id:"how-do-i",level:2},{value:"Fetch the log from fleet-controller?",id:"fetch-the-log-from-fleet-controller",level:3},{value:"Fetch the log from the fleet-agent?",id:"fetch-the-log-from-the-fleet-agent",level:3},{value:"Fetch detailed error logs from GitRepos and Bundles?",id:"fetch-detailed-error-logs-from-gitrepos-and-bundles",level:3},{value:"Check a chart rendering error in Kustomize?",id:"check-a-chart-rendering-error-in-kustomize",level:3},{value:"Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?",id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml",level:3},{value:"Check the status of the fleet-controller?",id:"check-the-status-of-the-fleet-controller",level:3},{value:"Migrate the local cluster to the Fleet default cluster?",id:"migrate-the-local-cluster-to-the-fleet-default-cluster",level:3},{value:"Enable debug logging for fleet-controller and fleet-agent?",id:"enable-debug-logging-for-fleet-controller-and-fleet-agent",level:3},{value:"Additional Solutions for Other Fleet Issues",id:"additional-solutions-for-other-fleet-issues",level:2},{value:"Naming conventions for CRDs",id:"naming-conventions-for-crds",level:3},{value:"HTTP secrets in Github",id:"http-secrets-in-github",level:3},{value:"Fleet fails with bad response code: 403",id:"fleet-fails-with-bad-response-code-403",level:3},{value:"Helm chart repo: certificate signed by unknown authority",id:"helm-chart-repo-certificate-signed-by-unknown-authority",level:3},{value:"Fleet deployment stuck in modified state",id:"fleet-deployment-stuck-in-modified-state",level:3},{value:"GitRepo or Bundle stuck in modified state",id:"gitrepo-or-bundle-stuck-in-modified-state",level:3},{value:"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state",id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state",level:3},{value:"What if the cluster is unavailable, or is in a WaitCheckIn state?",id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state",level:3},{value:"GitRepo complains with gzip: invalid header",id:"gitrepo-complains-with-gzip-invalid-header",level:3}],p={toc:c};function d(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,o.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"troubleshooting"},"Troubleshooting"),(0,a.kt)("p",null,"This section contains commands and tips to troubleshoot Fleet."),(0,a.kt)("h2",{id:"how-do-i"},(0,a.kt)("strong",{parentName:"h2"},"How Do I...")),(0,a.kt)("h3",{id:"fetch-the-log-from-fleet-controller"},"Fetch the log from ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"In the local management cluster where the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is deployed, run the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -l app=fleet-controller -n cattle-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-the-log-from-the-fleet-agent"},"Fetch the log from the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Go to each downstream cluster and run the following command for the local cluster with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"# Downstream cluster\n$ kubectl logs -l app=fleet-agent -n cattle-fleet-system\n# Local cluster\n$ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-detailed-error-logs-from-gitrepos-and-bundles"},"Fetch detailed error logs from ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepos")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundles"),"?"),(0,a.kt)("p",null,"Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"For more information about the bundle, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"bundle"),", and the YAML mode will be enabled. "),(0,a.kt)("li",{parentName:"ul"},"For more information about the GitRepo, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),", then click on ",(0,a.kt)("inlineCode",{parentName:"li"},"View Yaml")," in the upper right of the screen. After viewing the YAML, check ",(0,a.kt)("inlineCode",{parentName:"li"},"status.conditions"),"; a detailed error message should be displayed here."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," for synching errors."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," log in the downstream cluster if you encounter issues when deploying the bundle.")),(0,a.kt)("h3",{id:"check-a-chart-rendering-error-in-kustomize"},"Check a chart rendering error in ",(0,a.kt)("inlineCode",{parentName:"h3"},"Kustomize"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.4/troubleshooting#fetch-the-log-from-fleet-controller"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-controller")," logs")," and the ",(0,a.kt)("a",{parentName:"p",href:"/0.4/troubleshooting#fetch-the-log-from-the-fleet-agent"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-agent")," logs"),"."),(0,a.kt)("h3",{id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml"},"Check errors about watching or checking out the ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo"),", or about the downloaded Helm repo in ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet.yaml"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob-controller")," logs using the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system\n")),(0,a.kt)("p",null,"Note that there are two containers inside the pod: the ",(0,a.kt)("inlineCode",{parentName:"p"},"step-git-source")," container that clones the git repo, and the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet")," container that applies bundles based on the git repo. "),(0,a.kt)("p",null,"The pods will usually have images named ",(0,a.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," with the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepo")," name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepoName")," pod name and namespace:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitRepoName-pod-name -n namespace\n")),(0,a.kt)("h3",{id:"check-the-status-of-the-fleet-controller"},"Check the status of the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"You can check the status of the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pods by running the commands below:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,a.kt)("h3",{id:"migrate-the-local-cluster-to-the-fleet-default-cluster"},"Migrate the local cluster to the Fleet default cluster?"),(0,a.kt)("p",null,"For users who want to deploy to the local cluster as well, they may move the cluster from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-local")," to ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-default")," in the Rancher UI as follows:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"To get to Fleet in Rancher, click \u2630 > Continuous Delivery."),(0,a.kt)("li",{parentName:"ul"},"Under the ",(0,a.kt)("strong",{parentName:"li"},"Clusters")," menu, select the ",(0,a.kt)("strong",{parentName:"li"},"local")," cluster by checking the box to the left."),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},"Assign to")," from the tabs above the cluster."),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"strong"},"fleet-default"))," from the ",(0,a.kt)("strong",{parentName:"li"},"Assign Cluster To")," dropdown.")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Result"),": The cluster will be migrated to ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-default"),"."),(0,a.kt)("h3",{id:"enable-debug-logging-for-fleet-controller-and-fleet-agent"},"Enable debug logging for ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added."),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Go to the ",(0,a.kt)("strong",{parentName:"li"},"Dashboard"),", then click on the ",(0,a.kt)("strong",{parentName:"li"},"local cluster")," in the left navigation menu "),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},"Apps & Marketplace"),", then ",(0,a.kt)("strong",{parentName:"li"},"Installed Apps")," from the dropdown "),(0,a.kt)("li",{parentName:"ul"},"From there, you will upgrade the Fleet chart with the value ",(0,a.kt)("inlineCode",{parentName:"li"},"debug=true"),". You can also set ",(0,a.kt)("inlineCode",{parentName:"li"},"debugLevel=5")," if desired.")),(0,a.kt)("h2",{id:"additional-solutions-for-other-fleet-issues"},(0,a.kt)("strong",{parentName:"h2"},"Additional Solutions for Other Fleet Issues")),(0,a.kt)("h3",{id:"naming-conventions-for-crds"},"Naming conventions for CRDs"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"For CRD terms like ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters")," and ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepos"),", you must reference the full CRD name. For example, the cluster CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"cluster.fleet.cattle.io"),", and the gitrepo CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo.fleet.cattle.io"),".")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"Bundles"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$gitrepoName-$path")," in the same workspace/namespace where the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," was created. Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$path")," is the path directory in the git repository that contains the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle")," (",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml"),").")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployments"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$bundleName-$clusterName")," in the namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters-$workspace-$cluster-$generateHash"),". Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$clusterName")," is the cluster to which the bundle will be deployed."))),(0,a.kt)("h3",{id:"http-secrets-in-github"},"HTTP secrets in Github"),(0,a.kt)("p",null,"When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"Create a ",(0,a.kt)("a",{parentName:"li",href:"https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token"},"personal access token")," in Github."),(0,a.kt)("li",{parentName:"ol"},"In Rancher, create an HTTP ",(0,a.kt)("a",{parentName:"li",href:"https://rancher.com/docs/rancher/v2.6/en/k8s-in-rancher/secrets/"},"secret")," with your Github username."),(0,a.kt)("li",{parentName:"ol"},"Use your token as the secret.")),(0,a.kt)("h3",{id:"fleet-fails-with-bad-response-code-403"},"Fleet fails with bad response code: 403"),(0,a.kt)("p",null,"If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your ",(0,a.kt)("a",{parentName:"p",href:"/0.4/gitrepo-structure"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet.yaml")),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"\n')),(0,a.kt)("p",null,"Perform the following steps to assess:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully"),(0,a.kt)("li",{parentName:"ul"},"Check that your credentials for the git repo are valid")),(0,a.kt)("h3",{id:"helm-chart-repo-certificate-signed-by-unknown-authority"},"Helm chart repo: certificate signed by unknown authority"),(0,a.kt)("p",null,"If your GitJob returns the error below, you may have added the wrong certificate chain:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-11T05:55:08Z" level=fatal msg="Get \\"https://helm.intra/virtual-helm/index.yaml\\": x509: certificate signed by unknown authority" \n')),(0,a.kt)("p",null,"Please verify your certificate with the following command:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"context=playground-local\nkubectl get secret -n fleet-default helm-repo -o jsonpath=\"{['data']['cacerts']}\" --context $context | base64 -d | openssl x509 -text -noout\nCertificate:\n Data:\n Version: 3 (0x2)\n Serial Number:\n 7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71\n Signature Algorithm: sha512WithRSAEncryption\n Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3\n...\n\n")),(0,a.kt)("h3",{id:"fleet-deployment-stuck-in-modified-state"},"Fleet deployment stuck in modified state"),(0,a.kt)("p",null,'When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.'),(0,a.kt)("p",null,"To ignore the modified flag for the differences between the Helm install generated by ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and the resource in your cluster, add a ",(0,a.kt)("inlineCode",{parentName:"p"},"diff.comparePatches")," to the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," for your Deployment, as shown in this example:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'defaultNamespace: \nhelm: \n releaseName: \n repo: \n chart: \ndiff: \n comparePatches: \n - apiVersion: apps/v1\n kind: Deployment\n operations:\n - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}\n jsonPointers: # jsonPointers allows to ignore diffs at certain json path\n - "/spec/template/spec/priorityClassName"\n - "/spec/template/spec/tolerations" \n')),(0,a.kt)("p",null,"To determine which operations should be removed, observe the logs from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," on the target cluster. You should see entries similar to the following:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-text"},'level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\\"spec\\":{\\"template\\":{\\"spec\\":{\\"hostNetwork\\":false}}}}"\n')),(0,a.kt)("p",null,"Based on the above log, you can add the following entry to remove the operation:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-json"},'{"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n')),(0,a.kt)("h3",{id:"gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundle")," stuck in modified state"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified")," means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository."),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.4/bundle-diffs"},"bundle diffs documentation")," for more information. ")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"You can also force update the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo")," to perform a manual resync. Select ",(0,a.kt)("strong",{parentName:"p"},"GitRepo")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update"),"."))),(0,a.kt)("h3",{id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state"},"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state"),(0,a.kt)("p",null,"For bundles with an HPA, the expected state is ",(0,a.kt)("inlineCode",{parentName:"p"},"Modified"),", as the bundle contains fields that differ from the state of the Bundle at deployment - usually ",(0,a.kt)("inlineCode",{parentName:"p"},"ReplicaSet"),"."),(0,a.kt)("p",null,"You must define a patch in the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to ignore this field according to ",(0,a.kt)("a",{parentName:"p",href:"#gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"a"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"a"},"Bundle")," stuck in modified state"),"."),(0,a.kt)("p",null,"Here is an example of such a patch for the deployment ",(0,a.kt)("inlineCode",{parentName:"p"},"nginx")," in namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"default"),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: nginx\n namespace: default\n operations:\n - {"op": "remove", "path": "/spec/replicas"}\n')),(0,a.kt)("h3",{id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state"},"What if the cluster is unavailable, or is in a ",(0,a.kt)("inlineCode",{parentName:"h3"},"WaitCheckIn")," state?"),(0,a.kt)("p",null,"You will need to re-import and restart the registration process: Select ",(0,a.kt)("strong",{parentName:"p"},"Cluster")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update")),(0,a.kt)("admonition",{type:"caution"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn status for Rancher v2.5"),":\nThe cluster will show in ",(0,a.kt)("inlineCode",{parentName:"p"},"WaitCheckIn")," status because the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the ",(0,a.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.5/en/installation/other-installation-methods/behind-proxy/install-rancher/#install-rancher"},"Rancher docs"),".")),(0,a.kt)("h3",{id:"gitrepo-complains-with-gzip-invalid-header"},"GitRepo complains with ",(0,a.kt)("inlineCode",{parentName:"h3"},"gzip: invalid header")),(0,a.kt)("p",null,"When you see an error like the one below ..."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-sh"},"Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header\n")),(0,a.kt)("p",null,"... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content."))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/340d0560.d31de443.js b/assets/js/340d0560.33e8b3c1.js similarity index 96% rename from assets/js/340d0560.d31de443.js rename to assets/js/340d0560.33e8b3c1.js index 6bf33de68..6cc0b12f6 100644 --- a/assets/js/340d0560.d31de443.js +++ b/assets/js/340d0560.33e8b3c1.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9246],{3905:(e,t,n)=>{n.d(t,{Zo:()=>f,kt:()=>g});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var c=r.createContext({}),s=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},f=function(e){var t=s(e.components);return r.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,c=e.parentName,f=i(e,["components","mdxType","originalType","parentName"]),u=s(n),g=a,d=u["".concat(c,".").concat(g)]||u[g]||p[g]||l;return n?r.createElement(d,o(o({ref:t},f),{},{components:n})):r.createElement(d,o({ref:t},f))}));function g(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,o=new Array(l);o[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:a,o[1]=i;for(var s=2;s{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>p,frontMatter:()=>l,metadata:()=>i,toc:()=>s});var r=n(7462),a=(n(7294),n(3905));const l={title:"",sidebar_label:"fleet-agent"},o=void 0,i={unversionedId:"cli/fleet-agent/fleet-agent",id:"cli/fleet-agent/fleet-agent",title:"",description:"fleet-agent",source:"@site/docs/cli/fleet-agent/fleet-agent.md",sourceDirName:"cli/fleet-agent",slug:"/cli/fleet-agent/",permalink:"/cli/fleet-agent/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cli/fleet-agent/fleet-agent.md",tags:[],version:"current",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{title:"",sidebar_label:"fleet-agent"},sidebar:"docs",previous:{title:"Custom Resources",permalink:"/ref-crds"},next:{title:"fleet",permalink:"/cli/fleet-cli/fleet"}},c={},s=[{value:"fleet-agent",id:"fleet-agent",level:2},{value:"Options",id:"options",level:3}],f={toc:s};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},f,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h2",{id:"fleet-agent"},"fleet-agent"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"fleet-agent [flags]\n")),(0,a.kt)("h3",{id:"options"},"Options"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"}," --agent-scope string An identifier used to scope the agent bundleID names, typically the same as namespace\n --checkin-interval string How often to post cluster status\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -h, --help help for fleet-agent\n --kubeconfig string kubeconfig file\n --namespace string namespace to watch\n --simulators int Numbers of simulators to run\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9246],{3905:(e,t,n)=>{n.d(t,{Zo:()=>f,kt:()=>g});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var c=r.createContext({}),s=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},f=function(e){var t=s(e.components);return r.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,c=e.parentName,f=i(e,["components","mdxType","originalType","parentName"]),u=s(n),g=a,d=u["".concat(c,".").concat(g)]||u[g]||p[g]||l;return n?r.createElement(d,o(o({ref:t},f),{},{components:n})):r.createElement(d,o({ref:t},f))}));function g(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,o=new Array(l);o[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:a,o[1]=i;for(var s=2;s{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>p,frontMatter:()=>l,metadata:()=>i,toc:()=>s});var r=n(7462),a=(n(7294),n(3905));const l={title:"",sidebar_label:"fleet-agent"},o=void 0,i={unversionedId:"cli/fleet-agent/fleet-agent",id:"cli/fleet-agent/fleet-agent",title:"",description:"fleet-agent",source:"@site/docs/cli/fleet-agent/fleet-agent.md",sourceDirName:"cli/fleet-agent",slug:"/cli/fleet-agent/",permalink:"/cli/fleet-agent/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cli/fleet-agent/fleet-agent.md",tags:[],version:"current",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{title:"",sidebar_label:"fleet-agent"},sidebar:"docs",previous:{title:"Custom Resources",permalink:"/ref-crds"},next:{title:"fleet",permalink:"/cli/fleet-cli/fleet"}},c={},s=[{value:"fleet-agent",id:"fleet-agent",level:2},{value:"Options",id:"options",level:3}],f={toc:s};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},f,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h2",{id:"fleet-agent"},"fleet-agent"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"fleet-agent [flags]\n")),(0,a.kt)("h3",{id:"options"},"Options"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"}," --agent-scope string An identifier used to scope the agent bundleID names, typically the same as namespace\n --checkin-interval string How often to post cluster status\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -h, --help help for fleet-agent\n --kubeconfig string kubeconfig file\n --namespace string namespace to watch\n --simulators int Numbers of simulators to run\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/34a3c1ae.b9ba6941.js b/assets/js/34a3c1ae.399bcb19.js similarity index 99% rename from assets/js/34a3c1ae.b9ba6941.js rename to assets/js/34a3c1ae.399bcb19.js index 0a0779270..d3a202ee8 100644 --- a/assets/js/34a3c1ae.b9ba6941.js +++ b/assets/js/34a3c1ae.399bcb19.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5776],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>d});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),p=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},c=function(e){var t=p(e.components);return a.createElement(l.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},m=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,i=e.originalType,l=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=p(n),d=r,h=m["".concat(l,".").concat(d)]||m[d]||u[d]||i;return n?a.createElement(h,o(o({ref:t},c),{},{components:n})):a.createElement(h,o({ref:t},c))}));function d(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=n.length,o=new Array(i);o[0]=m;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,o[1]=s;for(var p=2;p{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>u,frontMatter:()=>i,metadata:()=>s,toc:()=>p});var a=n(7462),r=(n(7294),n(3905));const i={},o="Adding a GitRepo",s={unversionedId:"gitrepo-add",id:"version-0.4/gitrepo-add",title:"Adding a GitRepo",description:"Proper namespace",source:"@site/versioned_docs/version-0.4/gitrepo-add.md",sourceDirName:".",slug:"/gitrepo-add",permalink:"/0.4/gitrepo-add",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/gitrepo-add.md",tags:[],version:"0.4",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Namespaces",permalink:"/0.4/namespaces"},next:{title:"Expected Repo Structure",permalink:"/0.4/gitrepo-structure"}},l={},p=[{value:"Proper namespace",id:"proper-namespace",level:2},{value:"Create GitRepo instance",id:"create-gitrepo-instance",level:2},{value:"Adding Private Git Repository",id:"adding-private-git-repository",level:2},{value:"Using HTTP Auth",id:"using-http-auth",level:3},{value:"Using Private Helm Repositories",id:"using-private-helm-repositories",level:2}],c={toc:p};function u(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"adding-a-gitrepo"},"Adding a GitRepo"),(0,r.kt)("h2",{id:"proper-namespace"},"Proper namespace"),(0,r.kt)("p",null,"Git repos are added to the Fleet manager using the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," custom resource type. The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," type is namespaced. By default, Rancher will create two Fleet workspaces: ",(0,r.kt)("strong",{parentName:"p"},"fleet-default")," and ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),"."),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-default")," will contain all the downstream clusters that are already registered through Rancher."),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-local")," will contain the local cluster by default.")),(0,r.kt)("p",null,"Users can create new workspaces and move clusters across workspaces. An example of a special case might be including the local cluster in the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," payload for config maps and secrets (no active deployments or payloads)."),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"While it's possible to move clusters out of either workspace, we recommend that you keep the local cluster in ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local"),".")),(0,r.kt)("p",null,"If you are using Fleet in a ",(0,r.kt)("a",{parentName:"p",href:"/0.4/concepts"},"single cluster")," style, the namespace will always be ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),". Check ",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/namespaces/#fleet-local"},"here")," for more on the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace."),(0,r.kt)("p",null,"For a ",(0,r.kt)("a",{parentName:"p",href:"/0.4/concepts"},"multi-cluster")," style, please ensure you use the correct repo that will map to the right target clusters."),(0,r.kt)("h2",{id:"create-gitrepo-instance"},"Create GitRepo instance"),(0,r.kt)("p",null,"Git repositories are register by creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," following the below YAML sample. Refer\nto the inline comments as the means of each field"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n # Any name can be used here\n name: my-repo\n # For single cluster use fleet-local, otherwise use the namespace of\n # your choosing\n namespace: fleet-local\nspec:\n # This can be a HTTPS or git URL. If you are using a git URL then\n # clientSecretName will probably need to be set to supply a credential.\n # repo is the only required parameter for a repo to be monitored.\n #\n repo: https://github.com/rancher/fleet-examples\n\n # Enforce all resources go to this target namespace. If a cluster scoped\n # resource is found the deployment will fail.\n #\n # targetNamespace: app1\n\n # Any branch can be watched, this field is optional. If not specified the\n # branch is assumed to be master\n #\n # branch: master\n\n # A specific commit or tag can also be watched.\n #\n # revision: v0.3.0\n\n # For a private registry you must supply a clientSecretName. A default\n # secret can be set at the namespace level using the GitRepoRestriction\n # type. Secrets must be of the type "kubernetes.io/ssh-auth" or\n # "kubernetes.io/basic-auth". The secret is assumed to be in the\n # same namespace as the GitRepo\n #\n # clientSecretName: my-ssh-key\n #\n # If fleet.yaml contains a private Helm repo that requires authentication,\n # provide the credentials in a K8s secret and specify them here.\n # Danger: the credentials will be sent to all repositories referenced from\n # this gitrepo. See section below for more information.\n #\n # helmSecretName: my-helm-secret\n #\n # To add additional ca-bundle for self-signed certs, caBundle can be\n # filled with base64 encoded pem data. For example:\n # `cat /path/to/ca.pem | base64 -w 0`\n #\n # caBundle: my-ca-bundle\n #\n # Disable SSL verification for git repo\n #\n # insecureSkipTLSVerify: true\n #\n # A git repo can read multiple paths in a repo at once.\n # The below field is expected to be an array of paths and\n # supports path globbing (ex: some/*/path)\n #\n # Example:\n # paths:\n # - single-path\n # - multiple-paths/*\n paths:\n - simple\n\n # PollingInterval configures how often fleet checks the git repo. The default\n # is 15 seconds.\n # Setting this to zero does not disable polling. It results in a 15s\n # interval, too.\n #\n # pollingInterval: 15\n\n # Paused causes changes in Git to not be propagated down to the clusters but\n # instead mark resources as OutOfSync\n #\n # paused: false\n\n # Increment this number to force a redeployment of contents from Git\n #\n # forceSyncGeneration: 0\n\n # The service account that will be used to perform this deployment.\n # This is the name of the service account that exists in the\n # downstream cluster in the cattle-fleet-system namespace. It is assumed\n # this service account already exists so it should be create before\n # hand, most likely coming from another git repo registered with\n # the Fleet manager.\n #\n # serviceAccount: moreSecureAccountThanClusterAdmin\n\n # Target clusters to deploy to if running Fleet in a multi-cluster\n # style. Refer to the "Mapping to Downstream Clusters" docs for\n # more information.\n #\n # targets: ...\n')),(0,r.kt)("h2",{id:"adding-private-git-repository"},"Adding Private Git Repository"),(0,r.kt)("p",null,"Fleet supports both http and ssh auth key for private repository. To use this you have to create a secret in the same namespace."),(0,r.kt)("p",null,"For example, to generate a private ssh key"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},'ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"\n')),(0,r.kt)("p",null,"Note: The private key format has to be in ",(0,r.kt)("inlineCode",{parentName:"p"},"EC PRIVATE KEY"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"RSA PRIVATE KEY")," or ",(0,r.kt)("inlineCode",{parentName:"p"},"PRIVATE KEY")," and should not contain a passphase."),(0,r.kt)("p",null,"Put your private key into secret, use the namespace the GitRepo is in:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key --type=kubernetes.io/ssh-auth\n")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"Private key with passphrase is not supported.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"The key has to be in PEM format.")),(0,r.kt)("p",null,"Fleet supports putting ",(0,r.kt)("inlineCode",{parentName:"p"},"known_hosts")," into ssh secret. Here is an example of how to add it:"),(0,r.kt)("p",null,"Fetch the public key hash(take github as an example)"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"ssh-keyscan -H github.com\n")),(0,r.kt)("p",null,"And add it into secret:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: ssh-key\ntype: kubernetes.io/ssh-auth\nstringData:\n ssh-privatekey: \n known_hosts: |-\n |1|YJr1VZoi6dM0oE+zkM0do3Z04TQ=|7MclCn1fLROZG+BgR4m1r8TLwWc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\n")),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"If you don't add it any server's public key will be trusted and added. (",(0,r.kt)("inlineCode",{parentName:"p"},"ssh -o stricthostkeychecking=accept-new")," will be used)")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"If you are using openssh format for the private key and you are creating it in the UI, make sure a carriage return is appended in the end of the private key.")),(0,r.kt)("h3",{id:"using-http-auth"},"Using HTTP Auth"),(0,r.kt)("p",null,"Create a secret containing username and password. You can replace the password with a personal access token if necessary. Also see ",(0,r.kt)("a",{parentName:"p",href:"./troubleshooting#http-secrets-in-github"},"HTTP secrets in Github"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kubectl create secret generic basic-auth-secret -n fleet-default --type=kubernetes.io/basic-auth --from-literal=username=$user --from-literal=password=$pat\n")),(0,r.kt)("p",null,"Just like with SSH, reference the secret in your GitRepo resource via ",(0,r.kt)("inlineCode",{parentName:"p"},"clientSecretName"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"spec:\n repo: https://github.com/fleetrepoci/gitjob-private.git\n branch: main\n clientSecretName: basic-auth-secret\n")),(0,r.kt)("h2",{id:"using-private-helm-repositories"},"Using Private Helm Repositories"),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"The credentials will be used unconditionally for all Helm repositories referenced by the gitrepo resource.\nMake sure you don't leak credentials by mixing public and private repositories. As a workaround, split them into different gitrepos.")),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret with the following keys:"),(0,r.kt)("ol",null,(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"username")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"password")," for basic http auth if the Helm HTTP repo is behind basic auth.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"cacerts")," for custom CA bundle if the Helm repo is using a custom CA.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"ssh-privatekey")," for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently."))),(0,r.kt)("p",null,"For example, to add a secret in kubectl, run"),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem")),(0,r.kt)("p",null,"After secret is created, specify the secret to ",(0,r.kt)("inlineCode",{parentName:"p"},"gitRepo.spec.helmSecretName"),". Make sure secret is created under the same namespace with gitrepo."),(0,r.kt)("h1",{id:"troubleshooting"},"Troubleshooting"),(0,r.kt)("p",null,"See Fleet Troubleshooting section ",(0,r.kt)("a",{parentName:"p",href:"/0.4/troubleshooting"},"here"),"."))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5776],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>d});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),p=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},c=function(e){var t=p(e.components);return a.createElement(l.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},m=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,i=e.originalType,l=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=p(n),d=r,h=m["".concat(l,".").concat(d)]||m[d]||u[d]||i;return n?a.createElement(h,o(o({ref:t},c),{},{components:n})):a.createElement(h,o({ref:t},c))}));function d(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=n.length,o=new Array(i);o[0]=m;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,o[1]=s;for(var p=2;p{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>u,frontMatter:()=>i,metadata:()=>s,toc:()=>p});var a=n(7462),r=(n(7294),n(3905));const i={},o="Adding a GitRepo",s={unversionedId:"gitrepo-add",id:"version-0.4/gitrepo-add",title:"Adding a GitRepo",description:"Proper namespace",source:"@site/versioned_docs/version-0.4/gitrepo-add.md",sourceDirName:".",slug:"/gitrepo-add",permalink:"/0.4/gitrepo-add",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/gitrepo-add.md",tags:[],version:"0.4",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Namespaces",permalink:"/0.4/namespaces"},next:{title:"Expected Repo Structure",permalink:"/0.4/gitrepo-structure"}},l={},p=[{value:"Proper namespace",id:"proper-namespace",level:2},{value:"Create GitRepo instance",id:"create-gitrepo-instance",level:2},{value:"Adding Private Git Repository",id:"adding-private-git-repository",level:2},{value:"Using HTTP Auth",id:"using-http-auth",level:3},{value:"Using Private Helm Repositories",id:"using-private-helm-repositories",level:2}],c={toc:p};function u(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"adding-a-gitrepo"},"Adding a GitRepo"),(0,r.kt)("h2",{id:"proper-namespace"},"Proper namespace"),(0,r.kt)("p",null,"Git repos are added to the Fleet manager using the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," custom resource type. The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," type is namespaced. By default, Rancher will create two Fleet workspaces: ",(0,r.kt)("strong",{parentName:"p"},"fleet-default")," and ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),"."),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-default")," will contain all the downstream clusters that are already registered through Rancher."),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-local")," will contain the local cluster by default.")),(0,r.kt)("p",null,"Users can create new workspaces and move clusters across workspaces. An example of a special case might be including the local cluster in the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," payload for config maps and secrets (no active deployments or payloads)."),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"While it's possible to move clusters out of either workspace, we recommend that you keep the local cluster in ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local"),".")),(0,r.kt)("p",null,"If you are using Fleet in a ",(0,r.kt)("a",{parentName:"p",href:"/0.4/concepts"},"single cluster")," style, the namespace will always be ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),". Check ",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/namespaces/#fleet-local"},"here")," for more on the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace."),(0,r.kt)("p",null,"For a ",(0,r.kt)("a",{parentName:"p",href:"/0.4/concepts"},"multi-cluster")," style, please ensure you use the correct repo that will map to the right target clusters."),(0,r.kt)("h2",{id:"create-gitrepo-instance"},"Create GitRepo instance"),(0,r.kt)("p",null,"Git repositories are register by creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," following the below YAML sample. Refer\nto the inline comments as the means of each field"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n # Any name can be used here\n name: my-repo\n # For single cluster use fleet-local, otherwise use the namespace of\n # your choosing\n namespace: fleet-local\nspec:\n # This can be a HTTPS or git URL. If you are using a git URL then\n # clientSecretName will probably need to be set to supply a credential.\n # repo is the only required parameter for a repo to be monitored.\n #\n repo: https://github.com/rancher/fleet-examples\n\n # Enforce all resources go to this target namespace. If a cluster scoped\n # resource is found the deployment will fail.\n #\n # targetNamespace: app1\n\n # Any branch can be watched, this field is optional. If not specified the\n # branch is assumed to be master\n #\n # branch: master\n\n # A specific commit or tag can also be watched.\n #\n # revision: v0.3.0\n\n # For a private registry you must supply a clientSecretName. A default\n # secret can be set at the namespace level using the GitRepoRestriction\n # type. Secrets must be of the type "kubernetes.io/ssh-auth" or\n # "kubernetes.io/basic-auth". The secret is assumed to be in the\n # same namespace as the GitRepo\n #\n # clientSecretName: my-ssh-key\n #\n # If fleet.yaml contains a private Helm repo that requires authentication,\n # provide the credentials in a K8s secret and specify them here.\n # Danger: the credentials will be sent to all repositories referenced from\n # this gitrepo. See section below for more information.\n #\n # helmSecretName: my-helm-secret\n #\n # To add additional ca-bundle for self-signed certs, caBundle can be\n # filled with base64 encoded pem data. For example:\n # `cat /path/to/ca.pem | base64 -w 0`\n #\n # caBundle: my-ca-bundle\n #\n # Disable SSL verification for git repo\n #\n # insecureSkipTLSVerify: true\n #\n # A git repo can read multiple paths in a repo at once.\n # The below field is expected to be an array of paths and\n # supports path globbing (ex: some/*/path)\n #\n # Example:\n # paths:\n # - single-path\n # - multiple-paths/*\n paths:\n - simple\n\n # PollingInterval configures how often fleet checks the git repo. The default\n # is 15 seconds.\n # Setting this to zero does not disable polling. It results in a 15s\n # interval, too.\n #\n # pollingInterval: 15\n\n # Paused causes changes in Git to not be propagated down to the clusters but\n # instead mark resources as OutOfSync\n #\n # paused: false\n\n # Increment this number to force a redeployment of contents from Git\n #\n # forceSyncGeneration: 0\n\n # The service account that will be used to perform this deployment.\n # This is the name of the service account that exists in the\n # downstream cluster in the cattle-fleet-system namespace. It is assumed\n # this service account already exists so it should be create before\n # hand, most likely coming from another git repo registered with\n # the Fleet manager.\n #\n # serviceAccount: moreSecureAccountThanClusterAdmin\n\n # Target clusters to deploy to if running Fleet in a multi-cluster\n # style. Refer to the "Mapping to Downstream Clusters" docs for\n # more information.\n #\n # targets: ...\n')),(0,r.kt)("h2",{id:"adding-private-git-repository"},"Adding Private Git Repository"),(0,r.kt)("p",null,"Fleet supports both http and ssh auth key for private repository. To use this you have to create a secret in the same namespace."),(0,r.kt)("p",null,"For example, to generate a private ssh key"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},'ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"\n')),(0,r.kt)("p",null,"Note: The private key format has to be in ",(0,r.kt)("inlineCode",{parentName:"p"},"EC PRIVATE KEY"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"RSA PRIVATE KEY")," or ",(0,r.kt)("inlineCode",{parentName:"p"},"PRIVATE KEY")," and should not contain a passphase."),(0,r.kt)("p",null,"Put your private key into secret, use the namespace the GitRepo is in:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key --type=kubernetes.io/ssh-auth\n")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"Private key with passphrase is not supported.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"The key has to be in PEM format.")),(0,r.kt)("p",null,"Fleet supports putting ",(0,r.kt)("inlineCode",{parentName:"p"},"known_hosts")," into ssh secret. Here is an example of how to add it:"),(0,r.kt)("p",null,"Fetch the public key hash(take github as an example)"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"ssh-keyscan -H github.com\n")),(0,r.kt)("p",null,"And add it into secret:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: ssh-key\ntype: kubernetes.io/ssh-auth\nstringData:\n ssh-privatekey: \n known_hosts: |-\n |1|YJr1VZoi6dM0oE+zkM0do3Z04TQ=|7MclCn1fLROZG+BgR4m1r8TLwWc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\n")),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"If you don't add it any server's public key will be trusted and added. (",(0,r.kt)("inlineCode",{parentName:"p"},"ssh -o stricthostkeychecking=accept-new")," will be used)")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"If you are using openssh format for the private key and you are creating it in the UI, make sure a carriage return is appended in the end of the private key.")),(0,r.kt)("h3",{id:"using-http-auth"},"Using HTTP Auth"),(0,r.kt)("p",null,"Create a secret containing username and password. You can replace the password with a personal access token if necessary. Also see ",(0,r.kt)("a",{parentName:"p",href:"./troubleshooting#http-secrets-in-github"},"HTTP secrets in Github"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kubectl create secret generic basic-auth-secret -n fleet-default --type=kubernetes.io/basic-auth --from-literal=username=$user --from-literal=password=$pat\n")),(0,r.kt)("p",null,"Just like with SSH, reference the secret in your GitRepo resource via ",(0,r.kt)("inlineCode",{parentName:"p"},"clientSecretName"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"spec:\n repo: https://github.com/fleetrepoci/gitjob-private.git\n branch: main\n clientSecretName: basic-auth-secret\n")),(0,r.kt)("h2",{id:"using-private-helm-repositories"},"Using Private Helm Repositories"),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"The credentials will be used unconditionally for all Helm repositories referenced by the gitrepo resource.\nMake sure you don't leak credentials by mixing public and private repositories. As a workaround, split them into different gitrepos.")),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret with the following keys:"),(0,r.kt)("ol",null,(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"username")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"password")," for basic http auth if the Helm HTTP repo is behind basic auth.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"cacerts")," for custom CA bundle if the Helm repo is using a custom CA.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"ssh-privatekey")," for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently."))),(0,r.kt)("p",null,"For example, to add a secret in kubectl, run"),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem")),(0,r.kt)("p",null,"After secret is created, specify the secret to ",(0,r.kt)("inlineCode",{parentName:"p"},"gitRepo.spec.helmSecretName"),". Make sure secret is created under the same namespace with gitrepo."),(0,r.kt)("h1",{id:"troubleshooting"},"Troubleshooting"),(0,r.kt)("p",null,"See Fleet Troubleshooting section ",(0,r.kt)("a",{parentName:"p",href:"/0.4/troubleshooting"},"here"),"."))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/34eb4307.12c890b3.js b/assets/js/34eb4307.cafd192f.js similarity index 98% rename from assets/js/34eb4307.12c890b3.js rename to assets/js/34eb4307.cafd192f.js index 1e4c3eb93..1af5f19ae 100644 --- a/assets/js/34eb4307.12c890b3.js +++ b/assets/js/34eb4307.cafd192f.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7314],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(n),m=a,f=d["".concat(l,".").concat(m)]||d[m]||p[m]||o;return n?r.createElement(f,i(i({ref:t},u),{},{components:n})):r.createElement(f,i({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},i="Overview",s={unversionedId:"index",id:"version-0.4/index",title:"Overview",description:"What is Fleet?",source:"@site/versioned_docs/version-0.4/index.md",sourceDirName:".",slug:"/",permalink:"/0.4/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/index.md",tags:[],version:"0.4",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",next:{title:"Quick Start",permalink:"/0.4/quickstart"}},l={},c=[{value:"What is Fleet?",id:"what-is-fleet",level:3},{value:"Configuration Management",id:"configuration-management",level:3}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"overview"},"Overview"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,a.kt)("h3",{id:"what-is-fleet"},"What is Fleet?"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster engine"),": Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through ",(0,a.kt)("strong",{parentName:"p"},"GitOps"),". Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Deployment management"),": Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users have a high degree of control, consistency, and auditability."))),(0,a.kt)("h3",{id:"configuration-management"},"Configuration Management"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes ",(0,a.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/concepts/"},"custom resource definitions (CRDs)")," and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point."))}p.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7314],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(n),m=a,f=d["".concat(l,".").concat(m)]||d[m]||p[m]||o;return n?r.createElement(f,i(i({ref:t},u),{},{components:n})):r.createElement(f,i({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},i="Overview",s={unversionedId:"index",id:"version-0.4/index",title:"Overview",description:"What is Fleet?",source:"@site/versioned_docs/version-0.4/index.md",sourceDirName:".",slug:"/",permalink:"/0.4/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/index.md",tags:[],version:"0.4",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",next:{title:"Quick Start",permalink:"/0.4/quickstart"}},l={},c=[{value:"What is Fleet?",id:"what-is-fleet",level:3},{value:"Configuration Management",id:"configuration-management",level:3}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"overview"},"Overview"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,a.kt)("h3",{id:"what-is-fleet"},"What is Fleet?"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster engine"),": Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through ",(0,a.kt)("strong",{parentName:"p"},"GitOps"),". Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Deployment management"),": Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users have a high degree of control, consistency, and auditability."))),(0,a.kt)("h3",{id:"configuration-management"},"Configuration Management"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes ",(0,a.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/concepts/"},"custom resource definitions (CRDs)")," and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point."))}p.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file diff --git a/assets/js/3718f698.9024fb21.js b/assets/js/3718f698.077840a9.js similarity index 97% rename from assets/js/3718f698.9024fb21.js rename to assets/js/3718f698.077840a9.js index e44b3fb5e..791ad59a2 100644 --- a/assets/js/3718f698.9024fb21.js +++ b/assets/js/3718f698.077840a9.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5763],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>f});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var u=r.createContext({}),d=function(e){var t=r.useContext(u),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},p=function(e){var t=d(e.components);return r.createElement(u.Provider,{value:t},e.children)},i={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},c=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,u=e.parentName,p=o(e,["components","mdxType","originalType","parentName"]),c=d(n),f=a,m=c["".concat(u,".").concat(f)]||c[f]||i[f]||l;return n?r.createElement(m,s(s({ref:t},p),{},{components:n})):r.createElement(m,s({ref:t},p))}));function f(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,s=new Array(l);s[0]=c;var o={};for(var u in t)hasOwnProperty.call(t,u)&&(o[u]=t[u]);o.originalType=e,o.mdxType="string"==typeof e?e:a,s[1]=o;for(var d=2;d{n.r(t),n.d(t,{assets:()=>u,contentTitle:()=>s,default:()=>i,frontMatter:()=>l,metadata:()=>o,toc:()=>d});var r=n(7462),a=(n(7294),n(3905));const l={},s="Cluster and Bundle State",o={unversionedId:"cluster-bundles-state",id:"cluster-bundles-state",title:"Cluster and Bundle State",description:"Clusters and Bundles have different states in each phase of applying Bundles.",source:"@site/docs/cluster-bundles-state.md",sourceDirName:".",slug:"/cluster-bundles-state",permalink:"/cluster-bundles-state",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cluster-bundles-state.md",tags:[],version:"current",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Uninstall",permalink:"/uninstall"},next:{title:"GitRepo CRD",permalink:"/ref-crd-gitrepo"}},u={},d=[{value:"Bundles",id:"bundles",level:2},{value:"Clusters",id:"clusters",level:2}],p={toc:d};function i(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-and-bundle-state"},"Cluster and Bundle State"),(0,a.kt)("p",null,"Clusters and Bundles have different states in each phase of applying Bundles."),(0,a.kt)("h2",{id:"bundles"},"Bundles"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles have been deployed and all resources are ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": Bundles have been deployed and some resources are not ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": Bundles are being processed by Fleet controller."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository."),(0,a.kt)("h2",{id:"clusters"},"Clusters"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn"),": Waiting for agent to report registration information and cluster status back."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": There are bundles in this cluster that are in NotReady state. "),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": There are bundles in this cluster that are in WaitApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": There are bundles in this cluster that are in ErrApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": There are bundles in this cluster that are in OutOfSync state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": There are bundles in this cluster that are in Pending state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": There are bundles in this cluster that are in Modified state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles in this cluster have been deployed and all resources are ready."))}i.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5763],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>f});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var u=r.createContext({}),d=function(e){var t=r.useContext(u),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},p=function(e){var t=d(e.components);return r.createElement(u.Provider,{value:t},e.children)},i={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},c=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,u=e.parentName,p=o(e,["components","mdxType","originalType","parentName"]),c=d(n),f=a,m=c["".concat(u,".").concat(f)]||c[f]||i[f]||l;return n?r.createElement(m,s(s({ref:t},p),{},{components:n})):r.createElement(m,s({ref:t},p))}));function f(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,s=new Array(l);s[0]=c;var o={};for(var u in t)hasOwnProperty.call(t,u)&&(o[u]=t[u]);o.originalType=e,o.mdxType="string"==typeof e?e:a,s[1]=o;for(var d=2;d{n.r(t),n.d(t,{assets:()=>u,contentTitle:()=>s,default:()=>i,frontMatter:()=>l,metadata:()=>o,toc:()=>d});var r=n(7462),a=(n(7294),n(3905));const l={},s="Cluster and Bundle State",o={unversionedId:"cluster-bundles-state",id:"cluster-bundles-state",title:"Cluster and Bundle State",description:"Clusters and Bundles have different states in each phase of applying Bundles.",source:"@site/docs/cluster-bundles-state.md",sourceDirName:".",slug:"/cluster-bundles-state",permalink:"/cluster-bundles-state",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cluster-bundles-state.md",tags:[],version:"current",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Uninstall",permalink:"/uninstall"},next:{title:"GitRepo CRD",permalink:"/ref-crd-gitrepo"}},u={},d=[{value:"Bundles",id:"bundles",level:2},{value:"Clusters",id:"clusters",level:2}],p={toc:d};function i(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-and-bundle-state"},"Cluster and Bundle State"),(0,a.kt)("p",null,"Clusters and Bundles have different states in each phase of applying Bundles."),(0,a.kt)("h2",{id:"bundles"},"Bundles"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles have been deployed and all resources are ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": Bundles have been deployed and some resources are not ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": Bundles are being processed by Fleet controller."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository."),(0,a.kt)("h2",{id:"clusters"},"Clusters"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn"),": Waiting for agent to report registration information and cluster status back."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": There are bundles in this cluster that are in NotReady state. "),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": There are bundles in this cluster that are in WaitApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": There are bundles in this cluster that are in ErrApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": There are bundles in this cluster that are in OutOfSync state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": There are bundles in this cluster that are in Pending state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": There are bundles in this cluster that are in Modified state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles in this cluster have been deployed and all resources are ready."))}i.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/39f5e362.ea57e4f2.js b/assets/js/39f5e362.3479005a.js similarity index 99% rename from assets/js/39f5e362.ea57e4f2.js rename to assets/js/39f5e362.3479005a.js index e9f6e0768..33a002500 100644 --- a/assets/js/39f5e362.ea57e4f2.js +++ b/assets/js/39f5e362.3479005a.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6943],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,h=m["".concat(i,".").concat(d)]||m[d]||u[d]||l;return n?r.createElement(h,o(o({ref:t},p),{},{components:n})):r.createElement(h,o({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,o=new Array(l);o[0]=m;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,o[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const l={},o="Core Concepts",s={unversionedId:"concepts",id:"version-0.5/concepts",title:"Core Concepts",description:"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers",source:"@site/versioned_docs/version-0.5/concepts.md",sourceDirName:".",slug:"/concepts",permalink:"/0.5/concepts",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/concepts.md",tags:[],version:"0.5",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Quick Start",permalink:"/0.5/quickstart"},next:{title:"Architecture",permalink:"/0.5/architecture"}},i={},c=[],p={toc:c};function u(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"core-concepts"},"Core Concepts"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers\nto manage GitOps for a single Kubernetes cluster or a large-scale deployment of Kubernetes clusters."),(0,a.kt)("admonition",{type:"info"},(0,a.kt)("p",{parentName:"admonition"},"For more on the naming conventions of CRDs, click ",(0,a.kt)("a",{parentName:"p",href:"/0.5/troubleshooting#naming-conventions-for-crds"},"here"),".")),(0,a.kt)("p",null,"Below are some of the concepts of Fleet that will be useful throughout this documentation:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet Manager"),": The centralized component that orchestrates the deployments of Kubernetes assets\nfrom git. In a multi-cluster setup, this will typically be a dedicated Kubernetes cluster. In a\nsingle cluster setup, the Fleet manager will be running on the same cluster you are managing with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet controller"),": The controller(s) running on the Fleet manager orchestrating GitOps. In practice,\nthe Fleet manager and Fleet controllers are used fairly interchangeably."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Single Cluster Style"),": This is a style of installing Fleet in which the manager and downstream cluster are the\nsame cluster. This is a very simple pattern to quickly get up and running with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Multi Cluster Style"),": This is a style of running Fleet in which you have a central manager that manages a large\nnumber of downstream clusters."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet agent"),": Every managed downstream cluster will run an agent that communicates back to the Fleet manager.\nThis agent is just another set of Kubernetes controllers running in the downstream cluster."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"GitRepo"),": Git repositories that are watched by Fleet are represented by the type ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),".")),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Example installation order via ",(0,a.kt)("inlineCode",{parentName:"strong"},"GitRepo")," custom resources when using Fleet for the configuration management of downstream clusters:")),(0,a.kt)("ol",{parentName:"blockquote"},(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/projectcalico/calico"},"Calico")," CRDs and controllers."),(0,a.kt)("li",{parentName:"ol"},"Set one or multiple cluster-level global network policies."),(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/open-policy-agent/gatekeeper"},"GateKeeper"),". Note that ",(0,a.kt)("strong",{parentName:"li"},"cluster labels")," and ",(0,a.kt)("strong",{parentName:"li"},"overlays")," are critical features in Fleet as they determine which clusters will get each part of the bundle."),(0,a.kt)("li",{parentName:"ol"},"Set up and configure ingress and system daemons."))),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Bundle"),": An internal unit used for the orchestration of resources from git.\nWhen a ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," is scanned it will produce one or more bundles. Bundles are a collection of\nresources that get deployed to a cluster. ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is the fundamental deployment unit used in Fleet. The\ncontents of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," may be Kubernetes manifests, Kustomize configuration, or Helm charts.\nRegardless of the source the contents are dynamically rendered into a Helm chart by the agent\nand installed into the downstream cluster as a helm release."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"To see the ",(0,a.kt)("strong",{parentName:"li"},"lifecycle of a bundle"),", click ",(0,a.kt)("a",{parentName:"li",href:"/0.5/examples#lifecycle-of-a-fleet-bundle"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"BundleDeployment"),": When a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is deployed to a cluster an instance of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is called a ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment"),".\nA ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," represents the state of that ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," on a specific cluster with its cluster specific\ncustomizations. The Fleet agent is only aware of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," resources that are created for\nthe cluster the agent is managing."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click ",(0,a.kt)("a",{parentName:"li",href:"/0.5/examples#deploy-kubernetes-manifests-across-clusters-with-customization"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Downstream Cluster"),": Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster Registration Token"),": Tokens used by agents to register a new cluster."))))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6943],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,h=m["".concat(i,".").concat(d)]||m[d]||u[d]||l;return n?r.createElement(h,o(o({ref:t},p),{},{components:n})):r.createElement(h,o({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,o=new Array(l);o[0]=m;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,o[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const l={},o="Core Concepts",s={unversionedId:"concepts",id:"version-0.5/concepts",title:"Core Concepts",description:"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers",source:"@site/versioned_docs/version-0.5/concepts.md",sourceDirName:".",slug:"/concepts",permalink:"/0.5/concepts",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/concepts.md",tags:[],version:"0.5",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Quick Start",permalink:"/0.5/quickstart"},next:{title:"Architecture",permalink:"/0.5/architecture"}},i={},c=[],p={toc:c};function u(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"core-concepts"},"Core Concepts"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers\nto manage GitOps for a single Kubernetes cluster or a large-scale deployment of Kubernetes clusters."),(0,a.kt)("admonition",{type:"info"},(0,a.kt)("p",{parentName:"admonition"},"For more on the naming conventions of CRDs, click ",(0,a.kt)("a",{parentName:"p",href:"/0.5/troubleshooting#naming-conventions-for-crds"},"here"),".")),(0,a.kt)("p",null,"Below are some of the concepts of Fleet that will be useful throughout this documentation:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet Manager"),": The centralized component that orchestrates the deployments of Kubernetes assets\nfrom git. In a multi-cluster setup, this will typically be a dedicated Kubernetes cluster. In a\nsingle cluster setup, the Fleet manager will be running on the same cluster you are managing with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet controller"),": The controller(s) running on the Fleet manager orchestrating GitOps. In practice,\nthe Fleet manager and Fleet controllers are used fairly interchangeably."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Single Cluster Style"),": This is a style of installing Fleet in which the manager and downstream cluster are the\nsame cluster. This is a very simple pattern to quickly get up and running with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Multi Cluster Style"),": This is a style of running Fleet in which you have a central manager that manages a large\nnumber of downstream clusters."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet agent"),": Every managed downstream cluster will run an agent that communicates back to the Fleet manager.\nThis agent is just another set of Kubernetes controllers running in the downstream cluster."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"GitRepo"),": Git repositories that are watched by Fleet are represented by the type ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),".")),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Example installation order via ",(0,a.kt)("inlineCode",{parentName:"strong"},"GitRepo")," custom resources when using Fleet for the configuration management of downstream clusters:")),(0,a.kt)("ol",{parentName:"blockquote"},(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/projectcalico/calico"},"Calico")," CRDs and controllers."),(0,a.kt)("li",{parentName:"ol"},"Set one or multiple cluster-level global network policies."),(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/open-policy-agent/gatekeeper"},"GateKeeper"),". Note that ",(0,a.kt)("strong",{parentName:"li"},"cluster labels")," and ",(0,a.kt)("strong",{parentName:"li"},"overlays")," are critical features in Fleet as they determine which clusters will get each part of the bundle."),(0,a.kt)("li",{parentName:"ol"},"Set up and configure ingress and system daemons."))),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Bundle"),": An internal unit used for the orchestration of resources from git.\nWhen a ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," is scanned it will produce one or more bundles. Bundles are a collection of\nresources that get deployed to a cluster. ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is the fundamental deployment unit used in Fleet. The\ncontents of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," may be Kubernetes manifests, Kustomize configuration, or Helm charts.\nRegardless of the source the contents are dynamically rendered into a Helm chart by the agent\nand installed into the downstream cluster as a helm release."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"To see the ",(0,a.kt)("strong",{parentName:"li"},"lifecycle of a bundle"),", click ",(0,a.kt)("a",{parentName:"li",href:"/0.5/examples#lifecycle-of-a-fleet-bundle"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"BundleDeployment"),": When a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is deployed to a cluster an instance of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is called a ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment"),".\nA ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," represents the state of that ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," on a specific cluster with its cluster specific\ncustomizations. The Fleet agent is only aware of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," resources that are created for\nthe cluster the agent is managing."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click ",(0,a.kt)("a",{parentName:"li",href:"/0.5/examples#deploy-kubernetes-manifests-across-clusters-with-customization"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Downstream Cluster"),": Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster Registration Token"),": Tokens used by agents to register a new cluster."))))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/3b8c55ea.fd5799a5.js b/assets/js/3b8c55ea.01eed4fa.js similarity index 98% rename from assets/js/3b8c55ea.fd5799a5.js rename to assets/js/3b8c55ea.01eed4fa.js index 3edb69076..64dadbef0 100644 --- a/assets/js/3b8c55ea.fd5799a5.js +++ b/assets/js/3b8c55ea.01eed4fa.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3217],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},f=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,s=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),f=c(n),d=a,m=f["".concat(s,".").concat(d)]||f[d]||p[d]||l;return n?r.createElement(m,i(i({ref:t},u),{},{components:n})):r.createElement(m,i({ref:t},u))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,i=new Array(l);i[0]=f;var o={};for(var s in t)hasOwnProperty.call(t,s)&&(o[s]=t[s]);o.originalType=e,o.mdxType="string"==typeof e?e:a,i[1]=o;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>p,frontMatter:()=>l,metadata:()=>o,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const l={},i="Installation",o={unversionedId:"installation",id:"installation",title:"Installation",description:"The installation is broken up into two different use cases: Single and",source:"@site/docs/installation.md",sourceDirName:".",slug:"/installation",permalink:"/installation",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/installation.md",tags:[],version:"current",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Advanced Users",permalink:"/advanced-users"},next:{title:"Single Cluster Install",permalink:"/single-cluster-install"}},s={},c=[],u={toc:c};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"installation"},"Installation"),(0,a.kt)("p",null,"The installation is broken up into two different use cases: ",(0,a.kt)("a",{parentName:"p",href:"/single-cluster-install"},"Single")," and\n",(0,a.kt)("a",{parentName:"p",href:"/multi-cluster-install"},"Multi-Cluster")," install. The single cluster install is for if you wish to use GitOps to manage a single cluster,\nin which case you do not need a centralized manager cluster. In the multi-cluster use case\nyou will setup a centralized manager cluster to which you can register clusters."),(0,a.kt)("p",null,"If you are just learning Fleet the single cluster install is the recommended starting\npoint. After which you can move from single cluster to multi-cluster setup down the line."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3217],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},f=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,s=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),f=c(n),d=a,m=f["".concat(s,".").concat(d)]||f[d]||p[d]||l;return n?r.createElement(m,i(i({ref:t},u),{},{components:n})):r.createElement(m,i({ref:t},u))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,i=new Array(l);i[0]=f;var o={};for(var s in t)hasOwnProperty.call(t,s)&&(o[s]=t[s]);o.originalType=e,o.mdxType="string"==typeof e?e:a,i[1]=o;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>p,frontMatter:()=>l,metadata:()=>o,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const l={},i="Installation",o={unversionedId:"installation",id:"installation",title:"Installation",description:"The installation is broken up into two different use cases: Single and",source:"@site/docs/installation.md",sourceDirName:".",slug:"/installation",permalink:"/installation",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/installation.md",tags:[],version:"current",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Advanced Users",permalink:"/advanced-users"},next:{title:"Single Cluster Install",permalink:"/single-cluster-install"}},s={},c=[],u={toc:c};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"installation"},"Installation"),(0,a.kt)("p",null,"The installation is broken up into two different use cases: ",(0,a.kt)("a",{parentName:"p",href:"/single-cluster-install"},"Single")," and\n",(0,a.kt)("a",{parentName:"p",href:"/multi-cluster-install"},"Multi-Cluster")," install. The single cluster install is for if you wish to use GitOps to manage a single cluster,\nin which case you do not need a centralized manager cluster. In the multi-cluster use case\nyou will setup a centralized manager cluster to which you can register clusters."),(0,a.kt)("p",null,"If you are just learning Fleet the single cluster install is the recommended starting\npoint. After which you can move from single cluster to multi-cluster setup down the line."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/3c247a82.9262d5bf.js b/assets/js/3c247a82.6805e2f6.js similarity index 99% rename from assets/js/3c247a82.9262d5bf.js rename to assets/js/3c247a82.6805e2f6.js index 580386697..6a3a45eb8 100644 --- a/assets/js/3c247a82.9262d5bf.js +++ b/assets/js/3c247a82.6805e2f6.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9804],{3905:(e,t,a)=>{a.d(t,{Zo:()=>u,kt:()=>m});var n=a(7294);function r(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function l(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function o(e){for(var t=1;t=0||(r[a]=e[a]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(r[a]=e[a])}return r}var s=n.createContext({}),p=function(e){var t=n.useContext(s),a=t;return e&&(a="function"==typeof e?e(t):o(o({},t),e)),a},u=function(e){var t=p(e.components);return n.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},c=n.forwardRef((function(e,t){var a=e.components,r=e.mdxType,l=e.originalType,s=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),c=p(a),m=r,h=c["".concat(s,".").concat(m)]||c[m]||d[m]||l;return a?n.createElement(h,o(o({ref:t},u),{},{components:a})):n.createElement(h,o({ref:t},u))}));function m(e,t){var a=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=a.length,o=new Array(l);o[0]=c;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:r,o[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var n=a(7462),r=(a(7294),a(3905));const l={},o="Expected Repo Structure",i={unversionedId:"gitrepo-structure",id:"gitrepo-structure",title:"Expected Repo Structure",description:"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a fleet.yaml is found.",source:"@site/docs/gitrepo-structure.md",sourceDirName:".",slug:"/gitrepo-structure",permalink:"/gitrepo-structure",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/gitrepo-structure.md",tags:[],version:"current",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Adding a GitRepo",permalink:"/gitrepo-add"},next:{title:"Mapping to Downstream Clusters",permalink:"/gitrepo-targets"}},s={},p=[{value:"How repos are scanned",id:"how-repos-are-scanned",level:2},{value:"fleet.yaml",id:"fleetyaml",level:2},{value:"Reference",id:"reference",level:3},{value:"Private Helm Repositories",id:"private-helm-repositories",level:3},{value:"Using ValuesFrom",id:"using-valuesfrom",level:3},{value:"Per Cluster Customization",id:"per-cluster-customization",level:2},{value:"Raw YAML Resource Customization",id:"raw-yaml-resource-customization",level:2},{value:"Cluster and Bundle state",id:"cluster-and-bundle-state",level:2}],u={toc:p};function d(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"expected-repo-structure"},"Expected Repo Structure"),(0,r.kt)("p",null,"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is found."),(0,r.kt)("p",null,"Each bundle is created from paths in a GitRepo and modified further by reading the discovered ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file.\nBundle lifecycles are tracked between releases by the helm releaseName field added to each bundle. If the releaseName is not\nspecified within fleet.yaml it is generated from ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo.name + path"),". Long names are truncated and a ",(0,r.kt)("inlineCode",{parentName:"p"},"-")," prefix is added."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"The git repository has no explicitly required structure.")," It is important\nto realize the scanned resources will be saved as a resource in Kubernetes so\nyou want to make sure the directories you are scanning in git do not contain\narbitrarily large resources. Right now there is a limitation that the resources\ndeployed must ",(0,r.kt)("strong",{parentName:"p"},"gzip to less than 1MB"),"."),(0,r.kt)("h2",{id:"how-repos-are-scanned"},"How repos are scanned"),(0,r.kt)("p",null,"Multiple paths can be defined for a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and each path is scanned independently.\nInternally each scanned path will become a ",(0,r.kt)("a",{parentName:"p",href:"/concepts"},"bundle")," that Fleet will manage,\ndeploy, and monitor independently."),(0,r.kt)("p",null,"The following files are looked for to determine the how the resources will be deployed."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"File"),(0,r.kt)("th",{parentName:"tr",align:null},"Location"),(0,r.kt)("th",{parentName:"tr",align:null},"Meaning"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"Chart.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed as a Helm chart. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"kustomization.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed using Kustomize. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If any fleet.yaml is found a new ",(0,r.kt)("a",{parentName:"td",href:"/concepts"},"bundle")," will be defined. This allows mixing charts, kustomize, and raw YAML in the same repo")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"}," *.yaml ")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If a ",(0,r.kt)("inlineCode",{parentName:"td"},"Chart.yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},"kustomization.yaml")," is not found then any ",(0,r.kt)("inlineCode",{parentName:"td"},".yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},".yml")," file will be assumed to be a Kubernetes resource and will be deployed.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"overlays/{name}")),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")),(0,r.kt)("td",{parentName:"tr",align:null},"When deploying using raw YAML (not Kustomize or Helm) ",(0,r.kt)("inlineCode",{parentName:"td"},"overlays")," is a special directory for customizations.")))),(0,r.kt)("h2",{id:"fleetyaml"},(0,r.kt)("inlineCode",{parentName:"h2"},"fleet.yaml")),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is an optional file that can be included in the git repository to change the behavior of how\nthe resources are deployed and customized. The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is always at the root relative to the ",(0,r.kt)("inlineCode",{parentName:"p"},"path")," of the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),"\nand if a subdirectory is found with a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," a new ",(0,r.kt)("a",{parentName:"p",href:"/concepts"},"bundle")," is defined that will then be\nconfigured differently from the parent bundle."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Helm chart dependencies"),":\nIt is up to the user to fulfill the dependency list for the Helm charts. As such, you must manually run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies update $chart")," OR run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies build $chart")," prior to install. See the ",(0,r.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/#helm-chart-dependencies"},"Fleet docs")," in Rancher for more information.")),(0,r.kt)("h3",{id:"reference"},"Reference"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"How changes are applied to ",(0,r.kt)("inlineCode",{parentName:"strong"},"values.yaml")),":"),(0,r.kt)("ul",{parentName:"admonition"},(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"Note that the most recently applied changes to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," will override any previously existing values.")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"When changes are applied to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," from multiple sources at the same time, the values will update in the following order: ",(0,r.kt)("inlineCode",{parentName:"p"},"helmValues")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFiles")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFrom"),".")))),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'# The default namespace to be applied to resources. This field is not used to\n# enforce or lock down the deployment to a specific namespace, but instead\n# provide the default value of the namespace field if one is not specified\n# in the manifests.\n# Default: default\ndefaultNamespace: default\n\n# All resources will be assigned to this namespace and if any cluster scoped\n# resource exists the deployment will fail.\n# Default: ""\nnamespace: default\n\n# Optional map of labels, that are set at the bundle and can be used in a \n# dependsOn.bundleSelector\nlabels:\n key: value\n\nkustomize:\n # Use a custom folder for kustomize resources. This folder must contain\n # a kustomization.yaml file.\n dir: ./kustomize\n\nhelm:\n # Use a custom location for the Helm chart. This can refer to any go-getter URL or\n # OCI registry based helm chart URL e.g. "oci://ghcr.io/fleetrepoci/guestbook".\n # This allows one to download charts from most any location. Also know that\n # go-getter URL supports adding a digest to validate the download. If repo\n # is set below this field is the name of the chart to lookup\n chart: ./chart\n # A https URL to a Helm repo to download the chart from. It\'s typically easier\n # to just use `chart` field and refer to a tgz file. If repo is used the\n # value of `chart` will be used as the chart name to lookup in the Helm repository.\n repo: https://charts.rancher.io\n # A custom release name to deploy the chart as. If not specified a release name\n # will be generated by combining the invoking GitRepo.name + GitRepo.path.\n releaseName: my-release\n # Makes helm skip the check for its own annotations\n takeOwnership: false\n # The version of the chart or semver constraint of the chart to find. If a constraint\n # is specified it is evaluated each time git changes.\n # The version also determines which chart to download from OCI registries.\n version: 0.1.0\n # Any values that should be placed in the `values.yaml` and passed to helm during\n # install.\n values:\n any-custom: value\n # All labels on Rancher clusters are available using global.fleet.clusterLabels.LABELNAME\n # These can now be accessed directly as variables\n # The variable\'s value will be an empty string if the referenced cluster label does not\n # exist on the targeted cluster\n variableName: global.fleet.clusterLabels.LABELNAME\n # It is possible to specify the keys and values as go template strings for\n # advanced templating needs. Most of the functions from the sprig templating\n # library are available.\n # The template context has following keys.\n # `.ClusterValues` are retrieved from target cluster\'s `spec.templateValues`\n # `.ClusterLabels` and `.ClusterAnnotations` are the labels and annoations in the cluster resource.\n # `.ClusterName` as the fleet\'s cluster resource name.\n # `.ClusterNamespace` as the namespace in which the cluster resource exists.\n # Note: The fleet.yaml must be valid yaml. Templating uses ${ } as delims,\n # unlike helm which uses {{ }}.\n templatedLabel: "${ .ClusterLabels.LABELNAME }-foo"\n valueFromEnv:\n "${ .ClusterLabels.ENV }": ${ .ClusterValues.someValue | upper | quote }\n # Path to any values files that need to be passed to helm during install\n valuesFiles:\n - values1.yaml\n - values2.yaml\n # Allow to use values files from configmaps or secrets defined in the downstream clusters\n valuesFrom:\n - configMapKeyRef:\n name: configmap-values\n # default to namespace of bundle\n namespace: default \n key: values.yaml\n secretKeyRef:\n name: secret-values\n namespace: default\n key: values.yaml\n # Override immutable resources. This could be dangerous.\n force: false\n # Set the Helm --atomic flag when upgrading\n atomic: false\n # Disable go template pre-processing on the fleet values\n disablePreProcess: false\n # if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready.\n # It will wait for as long as timeoutSeconds\n waitForJobs: true\n \n# A paused bundle will not update downstream clusters but instead mark the bundle\n# as OutOfSync. One can then manually confirm that a bundle should be deployed to\n# the downstream clusters.\n# Default: false\npaused: false\n\nrolloutStrategy:\n # A number or percentage of clusters that can be unavailable during an update\n # of a bundle. This follows the same basic approach as a deployment rollout\n # strategy. Once the number of clusters meets unavailable state update will be\n # paused. Default value is 100% which doesn\'t take effect on update.\n # default: 100%\n maxUnavailable: 15%\n # A number or percentage of cluster partitions that can be unavailable during\n # an update of a bundle.\n # default: 0\n maxUnavailablePartitions: 20%\n # A number of percentage of how to automatically partition clusters if not\n # specific partitioning strategy is configured.\n # default: 25%\n autoPartitionSize: 10%\n # A list of definitions of partitions. If any target clusters do not match\n # the configuration they are added to partitions at the end following the\n # autoPartitionSize.\n partitions:\n # A user friend name given to the partition used for Display (optional).\n # default: ""\n - name: canary\n # A number or percentage of clusters that can be unavailable in this\n # partition before this partition is treated as done.\n # default: 10%\n maxUnavailable: 10%\n # Selector matching cluster labels to include in this partition\n clusterSelector:\n matchLabels:\n env: prod\n # A cluster group name to include in this partition\n clusterGroup: agroup\n # Selector matching cluster group labels to include in this partition\n clusterGroupSelector: \n clusterSelector:\n matchLabels:\n env: prod\n\n# Target customization are used to determine how resources should be modified per target\n# Targets are evaluated in order and the first one to match a cluster is used for that cluster.\ntargetCustomizations:\n# The name of target. If not specified a default name of the format "target000"\n# will be used. This value is mostly for display\n- name: prod\n # Custom namespace value overriding the value at the root\n namespace: newvalue\n # Custom defaultNamespace value overriding the value at the root\n defaultNamespace: newdefaultvalue\n # Custom kustomize options overriding the options at the root\n kustomize: {}\n # Custom Helm options override the options at the root\n helm: {}\n # If using raw YAML these are names that map to overlays/{name} that will be used\n # to replace or patch a resource. If you wish to customize the file ./subdir/resource.yaml\n # then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file.\n # A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.\n # A patch can in JSON Patch or JSON Merge format or a strategic merge patch for builtin\n # Kubernetes types. Refer to "Raw YAML Resource Customization" below for more information.\n yaml:\n overlays:\n - custom2\n - custom3\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match a specific cluster by name. \n clusterName: dev-cluster \n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n\n# dependsOn allows you to configure dependencies to other bundles. The current bundle\n# will only be deployed, after all dependencies are deployed and in a Ready state.\ndependsOn:\n # Format: - with all path separators replaced by "-"\n # Example: GitRepo name "one", Bundle path "/multi-cluster/hello-world" => "one-multi-cluster-hello-world"\n - name: one-multi-cluster-hello-world\n # Select bundles to depend on based on their label.\n - bundleSelector:\n matchLabels:\n app: weak-monkey\n')),(0,r.kt)("h3",{id:"private-helm-repositories"},"Private Helm Repositories"),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret from the git repo resource.\nSee ",(0,r.kt)("a",{parentName:"p",href:"gitrepo-add#using-private-helm-repositories"},"Using Private Helm Repositories")," for more information."),(0,r.kt)("h3",{id:"using-valuesfrom"},"Using ValuesFrom"),(0,r.kt)("p",null,"These examples showcase the style and format for using ",(0,r.kt)("inlineCode",{parentName:"p"},"valuesFrom"),". ConfigMaps and Secrets should be created in downstream clusters."),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/configmap/"},"ConfigMap"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: configmap-values\n namespace: default\ndata: \n values.yaml: |-\n replication: true\n replicas: 2\n serviceType: NodePort\n")),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/secret/"},"Secret"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: secret-values\n namespace: default\nstringData:\n values.yaml: |-\n replication: true\n replicas: 2\n serviceType: NodePort\n")),(0,r.kt)("h2",{id:"per-cluster-customization"},"Per Cluster Customization"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," defines which clusters a git repository should be deployed to and the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in the repository\ndetermines how the resources are customized per target."),(0,r.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets of that\n",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),". The targets list is evaluated one by one and if there is a match the resource will be deployed to the cluster.\nIf no match is made against the target list on the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the resources will not be deployed to that cluster.\nOnce a target cluster is matched the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," from the git repository is then consulted for customizations. The\n",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations")," in the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," will be evaluated one by one and the first match will define how the\nresource is to be configured. If no match is made the resources will be deployed with no additional customizations."),(0,r.kt)("p",null,"There are three approaches to matching clusters for both ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targets")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations"),'.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,r.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,r.kt)("h2",{id:"raw-yaml-resource-customization"},"Raw YAML Resource Customization"),(0,r.kt)("p",null,"When using Kustomize or Helm the ",(0,r.kt)("inlineCode",{parentName:"p"},"kustomization.yaml")," or the ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.values")," will control how the resource are\ncustomized per target cluster. If you are using raw YAML then the following simple mechanism is built-in and can\nbe used. The ",(0,r.kt)("inlineCode",{parentName:"p"},"overlays/")," folder in the git repo is treated specially as folder containing folders that\ncan be selected to overlay on top per target cluster. The resource overlay content\nuses a file name based approach. This is different from kustomize which uses a resource based approach. In kustomize\nthe resource Group, Kind, Version, Name, and Namespace identify resources and are then merged or patched. For Fleet\nthe overlay resources will override or patch content with a matching file name."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"# Base files\ndeployment.yaml\nsvc.yaml\n\n# Overlay files\n\n# The following file we be added\noverlays/custom/configmap.yaml\n# The following file will replace svc.yaml\noverlays/custom/svc.yaml\n# The following file will patch deployment.yaml\noverlays/custom/deployment_patch.yaml\n")),(0,r.kt)("p",null,"A file named ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," will replace a file called ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," from the base resources or a previous overlay. In order to patch\nthe contents a file the convention of adding ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch.")," (notice the trailing period) to the filename is used. The string ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch."),"\nwill be replaced with ",(0,r.kt)("inlineCode",{parentName:"p"},".")," from the file name and that will be used as the target. For example ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment_patch.yaml"),"\nwill target ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment.yaml"),". The patch will be applied using JSON Merge, Strategic Merge Patch, or JSON Patch.\nWhich strategy is used is based on the file content. Even though JSON strategies are used, the files can be written\nusing YAML syntax."),(0,r.kt)("h2",{id:"cluster-and-bundle-state"},"Cluster and Bundle state"),(0,r.kt)("p",null,"See ",(0,r.kt)("a",{parentName:"p",href:"/cluster-bundles-state"},"Cluster and Bundle state"),"."))}d.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9804],{3905:(e,t,a)=>{a.d(t,{Zo:()=>u,kt:()=>m});var n=a(7294);function r(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function l(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function o(e){for(var t=1;t=0||(r[a]=e[a]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(r[a]=e[a])}return r}var s=n.createContext({}),p=function(e){var t=n.useContext(s),a=t;return e&&(a="function"==typeof e?e(t):o(o({},t),e)),a},u=function(e){var t=p(e.components);return n.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},c=n.forwardRef((function(e,t){var a=e.components,r=e.mdxType,l=e.originalType,s=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),c=p(a),m=r,h=c["".concat(s,".").concat(m)]||c[m]||d[m]||l;return a?n.createElement(h,o(o({ref:t},u),{},{components:a})):n.createElement(h,o({ref:t},u))}));function m(e,t){var a=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=a.length,o=new Array(l);o[0]=c;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:r,o[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var n=a(7462),r=(a(7294),a(3905));const l={},o="Expected Repo Structure",i={unversionedId:"gitrepo-structure",id:"gitrepo-structure",title:"Expected Repo Structure",description:"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a fleet.yaml is found.",source:"@site/docs/gitrepo-structure.md",sourceDirName:".",slug:"/gitrepo-structure",permalink:"/gitrepo-structure",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/gitrepo-structure.md",tags:[],version:"current",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Adding a GitRepo",permalink:"/gitrepo-add"},next:{title:"Mapping to Downstream Clusters",permalink:"/gitrepo-targets"}},s={},p=[{value:"How repos are scanned",id:"how-repos-are-scanned",level:2},{value:"fleet.yaml",id:"fleetyaml",level:2},{value:"Reference",id:"reference",level:3},{value:"Private Helm Repositories",id:"private-helm-repositories",level:3},{value:"Using ValuesFrom",id:"using-valuesfrom",level:3},{value:"Per Cluster Customization",id:"per-cluster-customization",level:2},{value:"Raw YAML Resource Customization",id:"raw-yaml-resource-customization",level:2},{value:"Cluster and Bundle state",id:"cluster-and-bundle-state",level:2}],u={toc:p};function d(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"expected-repo-structure"},"Expected Repo Structure"),(0,r.kt)("p",null,"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is found."),(0,r.kt)("p",null,"Each bundle is created from paths in a GitRepo and modified further by reading the discovered ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file.\nBundle lifecycles are tracked between releases by the helm releaseName field added to each bundle. If the releaseName is not\nspecified within fleet.yaml it is generated from ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo.name + path"),". Long names are truncated and a ",(0,r.kt)("inlineCode",{parentName:"p"},"-")," prefix is added."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"The git repository has no explicitly required structure.")," It is important\nto realize the scanned resources will be saved as a resource in Kubernetes so\nyou want to make sure the directories you are scanning in git do not contain\narbitrarily large resources. Right now there is a limitation that the resources\ndeployed must ",(0,r.kt)("strong",{parentName:"p"},"gzip to less than 1MB"),"."),(0,r.kt)("h2",{id:"how-repos-are-scanned"},"How repos are scanned"),(0,r.kt)("p",null,"Multiple paths can be defined for a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and each path is scanned independently.\nInternally each scanned path will become a ",(0,r.kt)("a",{parentName:"p",href:"/concepts"},"bundle")," that Fleet will manage,\ndeploy, and monitor independently."),(0,r.kt)("p",null,"The following files are looked for to determine the how the resources will be deployed."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"File"),(0,r.kt)("th",{parentName:"tr",align:null},"Location"),(0,r.kt)("th",{parentName:"tr",align:null},"Meaning"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"Chart.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed as a Helm chart. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"kustomization.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed using Kustomize. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If any fleet.yaml is found a new ",(0,r.kt)("a",{parentName:"td",href:"/concepts"},"bundle")," will be defined. This allows mixing charts, kustomize, and raw YAML in the same repo")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"}," *.yaml ")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If a ",(0,r.kt)("inlineCode",{parentName:"td"},"Chart.yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},"kustomization.yaml")," is not found then any ",(0,r.kt)("inlineCode",{parentName:"td"},".yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},".yml")," file will be assumed to be a Kubernetes resource and will be deployed.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"overlays/{name}")),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")),(0,r.kt)("td",{parentName:"tr",align:null},"When deploying using raw YAML (not Kustomize or Helm) ",(0,r.kt)("inlineCode",{parentName:"td"},"overlays")," is a special directory for customizations.")))),(0,r.kt)("h2",{id:"fleetyaml"},(0,r.kt)("inlineCode",{parentName:"h2"},"fleet.yaml")),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is an optional file that can be included in the git repository to change the behavior of how\nthe resources are deployed and customized. The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is always at the root relative to the ",(0,r.kt)("inlineCode",{parentName:"p"},"path")," of the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),"\nand if a subdirectory is found with a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," a new ",(0,r.kt)("a",{parentName:"p",href:"/concepts"},"bundle")," is defined that will then be\nconfigured differently from the parent bundle."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Helm chart dependencies"),":\nIt is up to the user to fulfill the dependency list for the Helm charts. As such, you must manually run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies update $chart")," OR run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies build $chart")," prior to install. See the ",(0,r.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/#helm-chart-dependencies"},"Fleet docs")," in Rancher for more information.")),(0,r.kt)("h3",{id:"reference"},"Reference"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"How changes are applied to ",(0,r.kt)("inlineCode",{parentName:"strong"},"values.yaml")),":"),(0,r.kt)("ul",{parentName:"admonition"},(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"Note that the most recently applied changes to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," will override any previously existing values.")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"When changes are applied to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," from multiple sources at the same time, the values will update in the following order: ",(0,r.kt)("inlineCode",{parentName:"p"},"helmValues")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFiles")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFrom"),".")))),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'# The default namespace to be applied to resources. This field is not used to\n# enforce or lock down the deployment to a specific namespace, but instead\n# provide the default value of the namespace field if one is not specified\n# in the manifests.\n# Default: default\ndefaultNamespace: default\n\n# All resources will be assigned to this namespace and if any cluster scoped\n# resource exists the deployment will fail.\n# Default: ""\nnamespace: default\n\n# Optional map of labels, that are set at the bundle and can be used in a \n# dependsOn.bundleSelector\nlabels:\n key: value\n\nkustomize:\n # Use a custom folder for kustomize resources. This folder must contain\n # a kustomization.yaml file.\n dir: ./kustomize\n\nhelm:\n # Use a custom location for the Helm chart. This can refer to any go-getter URL or\n # OCI registry based helm chart URL e.g. "oci://ghcr.io/fleetrepoci/guestbook".\n # This allows one to download charts from most any location. Also know that\n # go-getter URL supports adding a digest to validate the download. If repo\n # is set below this field is the name of the chart to lookup\n chart: ./chart\n # A https URL to a Helm repo to download the chart from. It\'s typically easier\n # to just use `chart` field and refer to a tgz file. If repo is used the\n # value of `chart` will be used as the chart name to lookup in the Helm repository.\n repo: https://charts.rancher.io\n # A custom release name to deploy the chart as. If not specified a release name\n # will be generated by combining the invoking GitRepo.name + GitRepo.path.\n releaseName: my-release\n # Makes helm skip the check for its own annotations\n takeOwnership: false\n # The version of the chart or semver constraint of the chart to find. If a constraint\n # is specified it is evaluated each time git changes.\n # The version also determines which chart to download from OCI registries.\n version: 0.1.0\n # Any values that should be placed in the `values.yaml` and passed to helm during\n # install.\n values:\n any-custom: value\n # All labels on Rancher clusters are available using global.fleet.clusterLabels.LABELNAME\n # These can now be accessed directly as variables\n # The variable\'s value will be an empty string if the referenced cluster label does not\n # exist on the targeted cluster\n variableName: global.fleet.clusterLabels.LABELNAME\n # It is possible to specify the keys and values as go template strings for\n # advanced templating needs. Most of the functions from the sprig templating\n # library are available.\n # The template context has following keys.\n # `.ClusterValues` are retrieved from target cluster\'s `spec.templateValues`\n # `.ClusterLabels` and `.ClusterAnnotations` are the labels and annoations in the cluster resource.\n # `.ClusterName` as the fleet\'s cluster resource name.\n # `.ClusterNamespace` as the namespace in which the cluster resource exists.\n # Note: The fleet.yaml must be valid yaml. Templating uses ${ } as delims,\n # unlike helm which uses {{ }}.\n templatedLabel: "${ .ClusterLabels.LABELNAME }-foo"\n valueFromEnv:\n "${ .ClusterLabels.ENV }": ${ .ClusterValues.someValue | upper | quote }\n # Path to any values files that need to be passed to helm during install\n valuesFiles:\n - values1.yaml\n - values2.yaml\n # Allow to use values files from configmaps or secrets defined in the downstream clusters\n valuesFrom:\n - configMapKeyRef:\n name: configmap-values\n # default to namespace of bundle\n namespace: default \n key: values.yaml\n secretKeyRef:\n name: secret-values\n namespace: default\n key: values.yaml\n # Override immutable resources. This could be dangerous.\n force: false\n # Set the Helm --atomic flag when upgrading\n atomic: false\n # Disable go template pre-processing on the fleet values\n disablePreProcess: false\n # if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready.\n # It will wait for as long as timeoutSeconds\n waitForJobs: true\n \n# A paused bundle will not update downstream clusters but instead mark the bundle\n# as OutOfSync. One can then manually confirm that a bundle should be deployed to\n# the downstream clusters.\n# Default: false\npaused: false\n\nrolloutStrategy:\n # A number or percentage of clusters that can be unavailable during an update\n # of a bundle. This follows the same basic approach as a deployment rollout\n # strategy. Once the number of clusters meets unavailable state update will be\n # paused. Default value is 100% which doesn\'t take effect on update.\n # default: 100%\n maxUnavailable: 15%\n # A number or percentage of cluster partitions that can be unavailable during\n # an update of a bundle.\n # default: 0\n maxUnavailablePartitions: 20%\n # A number of percentage of how to automatically partition clusters if not\n # specific partitioning strategy is configured.\n # default: 25%\n autoPartitionSize: 10%\n # A list of definitions of partitions. If any target clusters do not match\n # the configuration they are added to partitions at the end following the\n # autoPartitionSize.\n partitions:\n # A user friend name given to the partition used for Display (optional).\n # default: ""\n - name: canary\n # A number or percentage of clusters that can be unavailable in this\n # partition before this partition is treated as done.\n # default: 10%\n maxUnavailable: 10%\n # Selector matching cluster labels to include in this partition\n clusterSelector:\n matchLabels:\n env: prod\n # A cluster group name to include in this partition\n clusterGroup: agroup\n # Selector matching cluster group labels to include in this partition\n clusterGroupSelector: \n clusterSelector:\n matchLabels:\n env: prod\n\n# Target customization are used to determine how resources should be modified per target\n# Targets are evaluated in order and the first one to match a cluster is used for that cluster.\ntargetCustomizations:\n# The name of target. If not specified a default name of the format "target000"\n# will be used. This value is mostly for display\n- name: prod\n # Custom namespace value overriding the value at the root\n namespace: newvalue\n # Custom defaultNamespace value overriding the value at the root\n defaultNamespace: newdefaultvalue\n # Custom kustomize options overriding the options at the root\n kustomize: {}\n # Custom Helm options override the options at the root\n helm: {}\n # If using raw YAML these are names that map to overlays/{name} that will be used\n # to replace or patch a resource. If you wish to customize the file ./subdir/resource.yaml\n # then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file.\n # A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.\n # A patch can in JSON Patch or JSON Merge format or a strategic merge patch for builtin\n # Kubernetes types. Refer to "Raw YAML Resource Customization" below for more information.\n yaml:\n overlays:\n - custom2\n - custom3\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match a specific cluster by name. \n clusterName: dev-cluster \n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n\n# dependsOn allows you to configure dependencies to other bundles. The current bundle\n# will only be deployed, after all dependencies are deployed and in a Ready state.\ndependsOn:\n # Format: - with all path separators replaced by "-"\n # Example: GitRepo name "one", Bundle path "/multi-cluster/hello-world" => "one-multi-cluster-hello-world"\n - name: one-multi-cluster-hello-world\n # Select bundles to depend on based on their label.\n - bundleSelector:\n matchLabels:\n app: weak-monkey\n')),(0,r.kt)("h3",{id:"private-helm-repositories"},"Private Helm Repositories"),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret from the git repo resource.\nSee ",(0,r.kt)("a",{parentName:"p",href:"gitrepo-add#using-private-helm-repositories"},"Using Private Helm Repositories")," for more information."),(0,r.kt)("h3",{id:"using-valuesfrom"},"Using ValuesFrom"),(0,r.kt)("p",null,"These examples showcase the style and format for using ",(0,r.kt)("inlineCode",{parentName:"p"},"valuesFrom"),". ConfigMaps and Secrets should be created in downstream clusters."),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/configmap/"},"ConfigMap"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: configmap-values\n namespace: default\ndata: \n values.yaml: |-\n replication: true\n replicas: 2\n serviceType: NodePort\n")),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/secret/"},"Secret"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: secret-values\n namespace: default\nstringData:\n values.yaml: |-\n replication: true\n replicas: 2\n serviceType: NodePort\n")),(0,r.kt)("h2",{id:"per-cluster-customization"},"Per Cluster Customization"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," defines which clusters a git repository should be deployed to and the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in the repository\ndetermines how the resources are customized per target."),(0,r.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets of that\n",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),". The targets list is evaluated one by one and if there is a match the resource will be deployed to the cluster.\nIf no match is made against the target list on the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the resources will not be deployed to that cluster.\nOnce a target cluster is matched the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," from the git repository is then consulted for customizations. The\n",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations")," in the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," will be evaluated one by one and the first match will define how the\nresource is to be configured. If no match is made the resources will be deployed with no additional customizations."),(0,r.kt)("p",null,"There are three approaches to matching clusters for both ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targets")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations"),'.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,r.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,r.kt)("h2",{id:"raw-yaml-resource-customization"},"Raw YAML Resource Customization"),(0,r.kt)("p",null,"When using Kustomize or Helm the ",(0,r.kt)("inlineCode",{parentName:"p"},"kustomization.yaml")," or the ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.values")," will control how the resource are\ncustomized per target cluster. If you are using raw YAML then the following simple mechanism is built-in and can\nbe used. The ",(0,r.kt)("inlineCode",{parentName:"p"},"overlays/")," folder in the git repo is treated specially as folder containing folders that\ncan be selected to overlay on top per target cluster. The resource overlay content\nuses a file name based approach. This is different from kustomize which uses a resource based approach. In kustomize\nthe resource Group, Kind, Version, Name, and Namespace identify resources and are then merged or patched. For Fleet\nthe overlay resources will override or patch content with a matching file name."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"# Base files\ndeployment.yaml\nsvc.yaml\n\n# Overlay files\n\n# The following file we be added\noverlays/custom/configmap.yaml\n# The following file will replace svc.yaml\noverlays/custom/svc.yaml\n# The following file will patch deployment.yaml\noverlays/custom/deployment_patch.yaml\n")),(0,r.kt)("p",null,"A file named ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," will replace a file called ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," from the base resources or a previous overlay. In order to patch\nthe contents a file the convention of adding ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch.")," (notice the trailing period) to the filename is used. The string ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch."),"\nwill be replaced with ",(0,r.kt)("inlineCode",{parentName:"p"},".")," from the file name and that will be used as the target. For example ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment_patch.yaml"),"\nwill target ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment.yaml"),". The patch will be applied using JSON Merge, Strategic Merge Patch, or JSON Patch.\nWhich strategy is used is based on the file content. Even though JSON strategies are used, the files can be written\nusing YAML syntax."),(0,r.kt)("h2",{id:"cluster-and-bundle-state"},"Cluster and Bundle state"),(0,r.kt)("p",null,"See ",(0,r.kt)("a",{parentName:"p",href:"/cluster-bundles-state"},"Cluster and Bundle state"),"."))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/45a5cd1f.3036bc8c.js b/assets/js/45a5cd1f.7d8f1f1c.js similarity index 98% rename from assets/js/45a5cd1f.3036bc8c.js rename to assets/js/45a5cd1f.7d8f1f1c.js index 82afc2b1c..a38a1a8e8 100644 --- a/assets/js/45a5cd1f.3036bc8c.js +++ b/assets/js/45a5cd1f.7d8f1f1c.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3365],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,h=m["".concat(i,".").concat(d)]||m[d]||u[d]||l;return n?r.createElement(h,o(o({ref:t},p),{},{components:n})):r.createElement(h,o({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,o=new Array(l);o[0]=m;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,o[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const l={},o="Core Concepts",s={unversionedId:"concepts",id:"concepts",title:"Core Concepts",description:"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers",source:"@site/docs/concepts.md",sourceDirName:".",slug:"/concepts",permalink:"/concepts",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/concepts.md",tags:[],version:"current",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Quick Start",permalink:"/quickstart"},next:{title:"Architecture",permalink:"/architecture"}},i={},c=[],p={toc:c};function u(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"core-concepts"},"Core Concepts"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers\nto manage GitOps for a single Kubernetes cluster or a large-scale deployment of Kubernetes clusters."),(0,a.kt)("admonition",{type:"info"},(0,a.kt)("p",{parentName:"admonition"},"For more on the naming conventions of CRDs, click ",(0,a.kt)("a",{parentName:"p",href:"/troubleshooting#naming-conventions-for-crds"},"here"),".")),(0,a.kt)("p",null,"Below are some of the concepts of Fleet that will be useful throughout this documentation:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet Manager"),": The centralized component that orchestrates the deployments of Kubernetes assets\nfrom git. In a multi-cluster setup, this will typically be a dedicated Kubernetes cluster. In a\nsingle cluster setup, the Fleet manager will be running on the same cluster you are managing with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet controller"),": The controller(s) running on the Fleet manager orchestrating GitOps. In practice,\nthe Fleet manager and Fleet controllers are used fairly interchangeably."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Single Cluster Style"),": This is a style of installing Fleet in which the manager and downstream cluster are the\nsame cluster. This is a very simple pattern to quickly get up and running with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Multi Cluster Style"),": This is a style of running Fleet in which you have a central manager that manages a large\nnumber of downstream clusters."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet agent"),": Every managed downstream cluster will run an agent that communicates back to the Fleet manager.\nThis agent is just another set of Kubernetes controllers running in the downstream cluster."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"GitRepo"),": Git repositories that are watched by Fleet are represented by the type ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),".")),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Example installation order via ",(0,a.kt)("inlineCode",{parentName:"strong"},"GitRepo")," custom resources when using Fleet for the configuration management of downstream clusters:")),(0,a.kt)("ol",{parentName:"blockquote"},(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/projectcalico/calico"},"Calico")," CRDs and controllers."),(0,a.kt)("li",{parentName:"ol"},"Set one or multiple cluster-level global network policies."),(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/open-policy-agent/gatekeeper"},"GateKeeper"),". Note that ",(0,a.kt)("strong",{parentName:"li"},"cluster labels")," and ",(0,a.kt)("strong",{parentName:"li"},"overlays")," are critical features in Fleet as they determine which clusters will get each part of the bundle."),(0,a.kt)("li",{parentName:"ol"},"Set up and configure ingress and system daemons."))),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Bundle"),": An internal unit used for the orchestration of resources from git.\nWhen a ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," is scanned it will produce one or more bundles. Bundles are a collection of\nresources that get deployed to a cluster. ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is the fundamental deployment unit used in Fleet. The\ncontents of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," may be Kubernetes manifests, Kustomize configuration, or Helm charts.\nRegardless of the source the contents are dynamically rendered into a Helm chart by the agent\nand installed into the downstream cluster as a helm release."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"To see the ",(0,a.kt)("strong",{parentName:"li"},"lifecycle of a bundle"),", click ",(0,a.kt)("a",{parentName:"li",href:"/examples#lifecycle-of-a-fleet-bundle"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"BundleDeployment"),": When a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is deployed to a cluster an instance of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is called a ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment"),".\nA ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," represents the state of that ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," on a specific cluster with its cluster specific\ncustomizations. The Fleet agent is only aware of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," resources that are created for\nthe cluster the agent is managing."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click ",(0,a.kt)("a",{parentName:"li",href:"/examples#deploy-kubernetes-manifests-across-clusters-with-customization"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Downstream Cluster"),": Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster Registration Token"),": Tokens used by agents to register a new cluster."))))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3365],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,h=m["".concat(i,".").concat(d)]||m[d]||u[d]||l;return n?r.createElement(h,o(o({ref:t},p),{},{components:n})):r.createElement(h,o({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,o=new Array(l);o[0]=m;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,o[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const l={},o="Core Concepts",s={unversionedId:"concepts",id:"concepts",title:"Core Concepts",description:"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers",source:"@site/docs/concepts.md",sourceDirName:".",slug:"/concepts",permalink:"/concepts",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/concepts.md",tags:[],version:"current",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Quick Start",permalink:"/quickstart"},next:{title:"Architecture",permalink:"/architecture"}},i={},c=[],p={toc:c};function u(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"core-concepts"},"Core Concepts"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers\nto manage GitOps for a single Kubernetes cluster or a large-scale deployment of Kubernetes clusters."),(0,a.kt)("admonition",{type:"info"},(0,a.kt)("p",{parentName:"admonition"},"For more on the naming conventions of CRDs, click ",(0,a.kt)("a",{parentName:"p",href:"/troubleshooting#naming-conventions-for-crds"},"here"),".")),(0,a.kt)("p",null,"Below are some of the concepts of Fleet that will be useful throughout this documentation:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet Manager"),": The centralized component that orchestrates the deployments of Kubernetes assets\nfrom git. In a multi-cluster setup, this will typically be a dedicated Kubernetes cluster. In a\nsingle cluster setup, the Fleet manager will be running on the same cluster you are managing with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet controller"),": The controller(s) running on the Fleet manager orchestrating GitOps. In practice,\nthe Fleet manager and Fleet controllers are used fairly interchangeably."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Single Cluster Style"),": This is a style of installing Fleet in which the manager and downstream cluster are the\nsame cluster. This is a very simple pattern to quickly get up and running with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Multi Cluster Style"),": This is a style of running Fleet in which you have a central manager that manages a large\nnumber of downstream clusters."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet agent"),": Every managed downstream cluster will run an agent that communicates back to the Fleet manager.\nThis agent is just another set of Kubernetes controllers running in the downstream cluster."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"GitRepo"),": Git repositories that are watched by Fleet are represented by the type ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),".")),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Example installation order via ",(0,a.kt)("inlineCode",{parentName:"strong"},"GitRepo")," custom resources when using Fleet for the configuration management of downstream clusters:")),(0,a.kt)("ol",{parentName:"blockquote"},(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/projectcalico/calico"},"Calico")," CRDs and controllers."),(0,a.kt)("li",{parentName:"ol"},"Set one or multiple cluster-level global network policies."),(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/open-policy-agent/gatekeeper"},"GateKeeper"),". Note that ",(0,a.kt)("strong",{parentName:"li"},"cluster labels")," and ",(0,a.kt)("strong",{parentName:"li"},"overlays")," are critical features in Fleet as they determine which clusters will get each part of the bundle."),(0,a.kt)("li",{parentName:"ol"},"Set up and configure ingress and system daemons."))),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Bundle"),": An internal unit used for the orchestration of resources from git.\nWhen a ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," is scanned it will produce one or more bundles. Bundles are a collection of\nresources that get deployed to a cluster. ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is the fundamental deployment unit used in Fleet. The\ncontents of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," may be Kubernetes manifests, Kustomize configuration, or Helm charts.\nRegardless of the source the contents are dynamically rendered into a Helm chart by the agent\nand installed into the downstream cluster as a helm release."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"To see the ",(0,a.kt)("strong",{parentName:"li"},"lifecycle of a bundle"),", click ",(0,a.kt)("a",{parentName:"li",href:"/examples#lifecycle-of-a-fleet-bundle"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"BundleDeployment"),": When a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is deployed to a cluster an instance of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is called a ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment"),".\nA ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," represents the state of that ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," on a specific cluster with its cluster specific\ncustomizations. The Fleet agent is only aware of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," resources that are created for\nthe cluster the agent is managing."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click ",(0,a.kt)("a",{parentName:"li",href:"/examples#deploy-kubernetes-manifests-across-clusters-with-customization"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Downstream Cluster"),": Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster Registration Token"),": Tokens used by agents to register a new cluster."))))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/461a3020.951d1022.js b/assets/js/461a3020.ca933b05.js similarity index 97% rename from assets/js/461a3020.951d1022.js rename to assets/js/461a3020.ca933b05.js index 7ce49e8c3..a6080571d 100644 --- a/assets/js/461a3020.951d1022.js +++ b/assets/js/461a3020.ca933b05.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2343],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>f});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},p=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,i=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),p=c(n),f=a,m=p["".concat(i,".").concat(f)]||p[f]||d[f]||o;return n?r.createElement(m,l(l({ref:t},u),{},{components:n})):r.createElement(m,l({ref:t},u))}));function f(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,l=new Array(o);l[0]=p;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,l[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>l,default:()=>d,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},l="Advanced Users",s={unversionedId:"advanced-users",id:"advanced-users",title:"Advanced Users",description:"Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases.",source:"@site/docs/advanced-users.md",sourceDirName:".",slug:"/advanced-users",permalink:"/advanced-users",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/advanced-users.md",tags:[],version:"current",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Troubleshooting",permalink:"/troubleshooting"},next:{title:"Installation",permalink:"/installation"}},i={},c=[],u={toc:c};function d(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"advanced-users"},"Advanced Users"),(0,a.kt)("p",null,"Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases."),(0,a.kt)("p",null,"The following are examples of advanced use cases:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},"Nested GitRepo CRs"),(0,a.kt)("blockquote",{parentName:"li"},(0,a.kt)("p",{parentName:"blockquote"},"Managing Fleet within Fleet (nested GitRepo usage) is not currently supported. We will update the documentation if support becomes available."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("a",{parentName:"p",href:"/single-cluster-install"},"Single cluster installation"))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("a",{parentName:"p",href:"/multi-cluster-install"},"Multi-cluster installation")," "))),(0,a.kt)("p",null,"Please refer to the ",(0,a.kt)("a",{parentName:"p",href:"/installation"},"installation")," and the ",(0,a.kt)("a",{parentName:"p",href:"/uninstall"},"uninstall")," documentation for additional information."))}d.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2343],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>f});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},p=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,i=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),p=c(n),f=a,m=p["".concat(i,".").concat(f)]||p[f]||d[f]||o;return n?r.createElement(m,l(l({ref:t},u),{},{components:n})):r.createElement(m,l({ref:t},u))}));function f(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,l=new Array(o);l[0]=p;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,l[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>l,default:()=>d,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},l="Advanced Users",s={unversionedId:"advanced-users",id:"advanced-users",title:"Advanced Users",description:"Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases.",source:"@site/docs/advanced-users.md",sourceDirName:".",slug:"/advanced-users",permalink:"/advanced-users",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/advanced-users.md",tags:[],version:"current",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Troubleshooting",permalink:"/troubleshooting"},next:{title:"Installation",permalink:"/installation"}},i={},c=[],u={toc:c};function d(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"advanced-users"},"Advanced Users"),(0,a.kt)("p",null,"Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases."),(0,a.kt)("p",null,"The following are examples of advanced use cases:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},"Nested GitRepo CRs"),(0,a.kt)("blockquote",{parentName:"li"},(0,a.kt)("p",{parentName:"blockquote"},"Managing Fleet within Fleet (nested GitRepo usage) is not currently supported. We will update the documentation if support becomes available."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("a",{parentName:"p",href:"/single-cluster-install"},"Single cluster installation"))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("a",{parentName:"p",href:"/multi-cluster-install"},"Multi-cluster installation")," "))),(0,a.kt)("p",null,"Please refer to the ",(0,a.kt)("a",{parentName:"p",href:"/installation"},"installation")," and the ",(0,a.kt)("a",{parentName:"p",href:"/uninstall"},"uninstall")," documentation for additional information."))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/49af6a86.289be922.js b/assets/js/49af6a86.6909d500.js similarity index 98% rename from assets/js/49af6a86.289be922.js rename to assets/js/49af6a86.6909d500.js index 3227b9439..8ac9003f0 100644 --- a/assets/js/49af6a86.289be922.js +++ b/assets/js/49af6a86.6909d500.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7619],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},h=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),h=c(n),d=a,m=h["".concat(l,".").concat(d)]||h[d]||p[d]||o;return n?r.createElement(m,s(s({ref:t},u),{},{components:n})):r.createElement(m,s({ref:t},u))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,s=new Array(o);s[0]=h;var i={};for(var l in t)hasOwnProperty.call(t,l)&&(i[l]=t[l]);i.originalType=e,i.mdxType="string"==typeof e?e:a,s[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>s,default:()=>p,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},s="Architecture",i={unversionedId:"architecture",id:"version-0.4/architecture",title:"Architecture",description:"Fleet has two primary components. The Fleet manager and the cluster agents. These",source:"@site/versioned_docs/version-0.4/architecture.md",sourceDirName:".",slug:"/architecture",permalink:"/0.4/architecture",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/architecture.md",tags:[],version:"0.4",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Core Concepts",permalink:"/0.4/concepts"},next:{title:"Examples",permalink:"/0.4/examples"}},l={},c=[{value:"Fleet Manager",id:"fleet-manager",level:2},{value:"Cluster Agents",id:"cluster-agents",level:2},{value:"Security",id:"security",level:2}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"architecture"},"Architecture"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,a.kt)("p",null,"Fleet has two primary components. The Fleet manager and the cluster agents. These\ncomponents work in a two-stage pull model. The Fleet manager will pull from git and the\ncluster agents will pull from the Fleet manager."),(0,a.kt)("h2",{id:"fleet-manager"},"Fleet Manager"),(0,a.kt)("p",null,"The Fleet manager is a set of Kubernetes controllers running in any standard Kubernetes\ncluster. The only API exposed by the Fleet manager is the Kubernetes API, there is no\ncustom API for the fleet controller."),(0,a.kt)("h2",{id:"cluster-agents"},"Cluster Agents"),(0,a.kt)("p",null,"One cluster agent runs in each cluster and is responsible for talking to the Fleet manager.\nThe only communication from cluster to Fleet manager is by this agent and all communication\ngoes from the managed cluster to the Fleet manager. The fleet manager does not initiate\nconnections to downstream clusters. This means managed clusters can run in private networks and behind\nNATs. The only requirement is the cluster agent needs to be able to communicate with the\nKubernetes API of the cluster running the Fleet manager. The one exception to this is if you use\nthe ",(0,a.kt)("a",{parentName:"p",href:"/0.4/manager-initiated"},"manager initiated")," cluster registration flow. This is not required, but\nan optional pattern."),(0,a.kt)("p",null,'The cluster agents are not assumed to have an "always on" connection. They will resume operation as\nsoon as they can connect. Future enhancements will probably add the ability to schedule times of when\nthe agent checks in, as it stands right now they will always attempt to connect.'),(0,a.kt)("h2",{id:"security"},"Security"),(0,a.kt)("p",null,'The Fleet manager dynamically creates service accounts, manages their RBAC and then gives the\ntokens to the downstream clusters. Clusters are registered by optionally expiring cluster registration tokens.\nThe cluster registration token is used only during the registration process to generate a credential specific\nto that cluster. After the cluster credential is established the cluster "forgets" the cluster registration\ntoken.'),(0,a.kt)("p",null,"The service accounts given to the clusters only have privileges to list ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," in the namespace created\nspecifically for that cluster. It can also update the ",(0,a.kt)("inlineCode",{parentName:"p"},"status")," subresource of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," and the ",(0,a.kt)("inlineCode",{parentName:"p"},"status"),"\nsubresource of it's ",(0,a.kt)("inlineCode",{parentName:"p"},"Cluster")," resource."))}p.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7619],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},h=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),h=c(n),d=a,m=h["".concat(l,".").concat(d)]||h[d]||p[d]||o;return n?r.createElement(m,s(s({ref:t},u),{},{components:n})):r.createElement(m,s({ref:t},u))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,s=new Array(o);s[0]=h;var i={};for(var l in t)hasOwnProperty.call(t,l)&&(i[l]=t[l]);i.originalType=e,i.mdxType="string"==typeof e?e:a,s[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>s,default:()=>p,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},s="Architecture",i={unversionedId:"architecture",id:"version-0.4/architecture",title:"Architecture",description:"Fleet has two primary components. The Fleet manager and the cluster agents. These",source:"@site/versioned_docs/version-0.4/architecture.md",sourceDirName:".",slug:"/architecture",permalink:"/0.4/architecture",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/architecture.md",tags:[],version:"0.4",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Core Concepts",permalink:"/0.4/concepts"},next:{title:"Examples",permalink:"/0.4/examples"}},l={},c=[{value:"Fleet Manager",id:"fleet-manager",level:2},{value:"Cluster Agents",id:"cluster-agents",level:2},{value:"Security",id:"security",level:2}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"architecture"},"Architecture"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,a.kt)("p",null,"Fleet has two primary components. The Fleet manager and the cluster agents. These\ncomponents work in a two-stage pull model. The Fleet manager will pull from git and the\ncluster agents will pull from the Fleet manager."),(0,a.kt)("h2",{id:"fleet-manager"},"Fleet Manager"),(0,a.kt)("p",null,"The Fleet manager is a set of Kubernetes controllers running in any standard Kubernetes\ncluster. The only API exposed by the Fleet manager is the Kubernetes API, there is no\ncustom API for the fleet controller."),(0,a.kt)("h2",{id:"cluster-agents"},"Cluster Agents"),(0,a.kt)("p",null,"One cluster agent runs in each cluster and is responsible for talking to the Fleet manager.\nThe only communication from cluster to Fleet manager is by this agent and all communication\ngoes from the managed cluster to the Fleet manager. The fleet manager does not initiate\nconnections to downstream clusters. This means managed clusters can run in private networks and behind\nNATs. The only requirement is the cluster agent needs to be able to communicate with the\nKubernetes API of the cluster running the Fleet manager. The one exception to this is if you use\nthe ",(0,a.kt)("a",{parentName:"p",href:"/0.4/manager-initiated"},"manager initiated")," cluster registration flow. This is not required, but\nan optional pattern."),(0,a.kt)("p",null,'The cluster agents are not assumed to have an "always on" connection. They will resume operation as\nsoon as they can connect. Future enhancements will probably add the ability to schedule times of when\nthe agent checks in, as it stands right now they will always attempt to connect.'),(0,a.kt)("h2",{id:"security"},"Security"),(0,a.kt)("p",null,'The Fleet manager dynamically creates service accounts, manages their RBAC and then gives the\ntokens to the downstream clusters. Clusters are registered by optionally expiring cluster registration tokens.\nThe cluster registration token is used only during the registration process to generate a credential specific\nto that cluster. After the cluster credential is established the cluster "forgets" the cluster registration\ntoken.'),(0,a.kt)("p",null,"The service accounts given to the clusters only have privileges to list ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," in the namespace created\nspecifically for that cluster. It can also update the ",(0,a.kt)("inlineCode",{parentName:"p"},"status")," subresource of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," and the ",(0,a.kt)("inlineCode",{parentName:"p"},"status"),"\nsubresource of it's ",(0,a.kt)("inlineCode",{parentName:"p"},"Cluster")," resource."))}p.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file diff --git a/assets/js/4ccb6852.5d3e33e1.js b/assets/js/4ccb6852.19c42d0a.js similarity index 97% rename from assets/js/4ccb6852.5d3e33e1.js rename to assets/js/4ccb6852.19c42d0a.js index 41db42ff1..493d41b36 100644 --- a/assets/js/4ccb6852.5d3e33e1.js +++ b/assets/js/4ccb6852.19c42d0a.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3084],{3905:(e,t,r)=>{r.d(t,{Zo:()=>p,kt:()=>d});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function o(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function s(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var c=n.createContext({}),u=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):s(s({},t),e)),r},p=function(e){var t=u(e.components);return n.createElement(c.Provider,{value:t},e.children)},i={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},m=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,o=e.originalType,c=e.parentName,p=l(e,["components","mdxType","originalType","parentName"]),m=u(r),d=a,f=m["".concat(c,".").concat(d)]||m[d]||i[d]||o;return r?n.createElement(f,s(s({ref:t},p),{},{components:r})):n.createElement(f,s({ref:t},p))}));function d(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=r.length,s=new Array(o);s[0]=m;var l={};for(var c in t)hasOwnProperty.call(t,c)&&(l[c]=t[c]);l.originalType=e,l.mdxType="string"==typeof e?e:a,s[1]=l;for(var u=2;u{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>i,frontMatter:()=>o,metadata:()=>l,toc:()=>u});var n=r(7462),a=(r(7294),r(3905));const o={},s="Cluster Groups",l={unversionedId:"cluster-group",id:"cluster-group",title:"Cluster Groups",description:"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.",source:"@site/docs/cluster-group.md",sourceDirName:".",slug:"/cluster-group",permalink:"/cluster-group",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cluster-group.md",tags:[],version:"current",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Manager Initiated",permalink:"/manager-initiated"},next:{title:"Namespaces",permalink:"/namespaces"}},c={},u=[],p={toc:u};function i(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},p,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-groups"},"Cluster Groups"),(0,a.kt)("p",null,"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.\nThe only parameter for a cluster group is essentially the selector.\nWhen you get to a certain scale cluster groups become a more reasonable way to manage your clusters.\nCluster groups serve the purpose of giving aggregated\nstatus of the deployments and then also a simpler way to manage targets."),(0,a.kt)("p",null,"A cluster group is created by creating a ",(0,a.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resource like below"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: ClusterGroup\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: production-group\n namespace: clusters\nspec:\n # This is the standard metav1.LabelSelector format to match clusters by labels\n selector:\n matchLabels:\n env: prod\n")))}i.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3084],{3905:(e,t,r)=>{r.d(t,{Zo:()=>p,kt:()=>d});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function o(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function s(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var c=n.createContext({}),u=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):s(s({},t),e)),r},p=function(e){var t=u(e.components);return n.createElement(c.Provider,{value:t},e.children)},i={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},m=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,o=e.originalType,c=e.parentName,p=l(e,["components","mdxType","originalType","parentName"]),m=u(r),d=a,f=m["".concat(c,".").concat(d)]||m[d]||i[d]||o;return r?n.createElement(f,s(s({ref:t},p),{},{components:r})):n.createElement(f,s({ref:t},p))}));function d(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=r.length,s=new Array(o);s[0]=m;var l={};for(var c in t)hasOwnProperty.call(t,c)&&(l[c]=t[c]);l.originalType=e,l.mdxType="string"==typeof e?e:a,s[1]=l;for(var u=2;u{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>i,frontMatter:()=>o,metadata:()=>l,toc:()=>u});var n=r(7462),a=(r(7294),r(3905));const o={},s="Cluster Groups",l={unversionedId:"cluster-group",id:"cluster-group",title:"Cluster Groups",description:"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.",source:"@site/docs/cluster-group.md",sourceDirName:".",slug:"/cluster-group",permalink:"/cluster-group",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cluster-group.md",tags:[],version:"current",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Manager Initiated",permalink:"/manager-initiated"},next:{title:"Namespaces",permalink:"/namespaces"}},c={},u=[],p={toc:u};function i(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},p,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-groups"},"Cluster Groups"),(0,a.kt)("p",null,"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.\nThe only parameter for a cluster group is essentially the selector.\nWhen you get to a certain scale cluster groups become a more reasonable way to manage your clusters.\nCluster groups serve the purpose of giving aggregated\nstatus of the deployments and then also a simpler way to manage targets."),(0,a.kt)("p",null,"A cluster group is created by creating a ",(0,a.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resource like below"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: ClusterGroup\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: production-group\n namespace: clusters\nspec:\n # This is the standard metav1.LabelSelector format to match clusters by labels\n selector:\n matchLabels:\n env: prod\n")))}i.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/4fac8f87.8632f7be.js b/assets/js/4fac8f87.a67bd685.js similarity index 94% rename from assets/js/4fac8f87.8632f7be.js rename to assets/js/4fac8f87.a67bd685.js index 02c1c9f38..1bf50e01b 100644 --- a/assets/js/4fac8f87.8632f7be.js +++ b/assets/js/4fac8f87.a67bd685.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7526],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),d=c(n),m=a,f=d["".concat(s,".").concat(m)]||d[m]||u[m]||l;return n?r.createElement(f,o(o({ref:t},p),{},{components:n})):r.createElement(f,o({ref:t},p))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,o=new Array(l);o[0]=d;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>i,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const l={},o="Quick Start",i={unversionedId:"quickstart",id:"version-0.4/quickstart",title:"Quick Start",description:"Who needs documentation, lets just run this thing!",source:"@site/versioned_docs/version-0.4/quickstart.md",sourceDirName:".",slug:"/quickstart",permalink:"/0.4/quickstart",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/quickstart.md",tags:[],version:"0.4",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Overview",permalink:"/0.4/"},next:{title:"Core Concepts",permalink:"/0.4/concepts"}},s={},c=[{value:"Install",id:"install",level:2},{value:"Add a Git Repo to watch",id:"add-a-git-repo-to-watch",level:2},{value:"Get Status",id:"get-status",level:2}],p={toc:c};function u(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"quick-start"},"Quick Start"),(0,a.kt)("p",null,"Who needs documentation, lets just run this thing!"),(0,a.kt)("h2",{id:"install"},"Install"),(0,a.kt)("p",null,"Get helm if you don't have it. Helm 3 is just a CLI and won't do bad insecure\nthings to your cluster."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,a.kt)("p",null,"Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd https://github.com/rancher/fleet/releases/download/v0.4.0/fleet-crd-v0.4.0.tgz\nhelm -n cattle-fleet-system install --create-namespace --wait \\\n fleet https://github.com/rancher/fleet/releases/download/v0.4.0/fleet-v0.4.0.tgz\n")),(0,a.kt)("h2",{id:"add-a-git-repo-to-watch"},"Add a Git Repo to watch"),(0,a.kt)("p",null,"Change ",(0,a.kt)("inlineCode",{parentName:"p"},"spec.repo")," to your git repo of choice. Kubernetes manifest files that should\nbe deployed should be in ",(0,a.kt)("inlineCode",{parentName:"p"},"/manifests")," in your repo."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},'cat > example.yaml << "EOF"\napiVersion: fleet.cattle.io/v1alpha1\nkind: GitRepo\nmetadata:\n name: sample\n # This namespace is special and auto-wired to deploy to the local cluster\n namespace: fleet-local\nspec:\n # Everything from this repo will be ran in this cluster. You trust me right?\n repo: "https://github.com/rancher/fleet-examples"\n paths:\n - simple\nEOF\n\nkubectl apply -f example.yaml\n')),(0,a.kt)("h2",{id:"get-status"},"Get Status"),(0,a.kt)("p",null,"Get status of what fleet is doing"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n fleet-local get fleet\n")),(0,a.kt)("p",null,"You should see something like this get created in your cluster."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kubectl get deploy frontend\n")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"NAME READY UP-TO-DATE AVAILABLE AGE\nfrontend 3/3 3 3 116m\n")),(0,a.kt)("p",null,"Enjoy and read the ",(0,a.kt)("a",{parentName:"p",href:"https://rancher.github.io/fleet"},"docs"),"."))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7526],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),d=c(n),m=a,f=d["".concat(s,".").concat(m)]||d[m]||u[m]||l;return n?r.createElement(f,o(o({ref:t},p),{},{components:n})):r.createElement(f,o({ref:t},p))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,o=new Array(l);o[0]=d;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>i,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const l={},o="Quick Start",i={unversionedId:"quickstart",id:"version-0.4/quickstart",title:"Quick Start",description:"Who needs documentation, lets just run this thing!",source:"@site/versioned_docs/version-0.4/quickstart.md",sourceDirName:".",slug:"/quickstart",permalink:"/0.4/quickstart",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/quickstart.md",tags:[],version:"0.4",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Overview",permalink:"/0.4/"},next:{title:"Core Concepts",permalink:"/0.4/concepts"}},s={},c=[{value:"Install",id:"install",level:2},{value:"Add a Git Repo to watch",id:"add-a-git-repo-to-watch",level:2},{value:"Get Status",id:"get-status",level:2}],p={toc:c};function u(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"quick-start"},"Quick Start"),(0,a.kt)("p",null,"Who needs documentation, lets just run this thing!"),(0,a.kt)("h2",{id:"install"},"Install"),(0,a.kt)("p",null,"Get helm if you don't have it. Helm 3 is just a CLI and won't do bad insecure\nthings to your cluster."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,a.kt)("p",null,"Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-crd-v0.4.1.tgz\nhelm -n cattle-fleet-system install --create-namespace --wait \\\n fleet https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-v0.4.1.tgz\n")),(0,a.kt)("h2",{id:"add-a-git-repo-to-watch"},"Add a Git Repo to watch"),(0,a.kt)("p",null,"Change ",(0,a.kt)("inlineCode",{parentName:"p"},"spec.repo")," to your git repo of choice. Kubernetes manifest files that should\nbe deployed should be in ",(0,a.kt)("inlineCode",{parentName:"p"},"/manifests")," in your repo."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},'cat > example.yaml << "EOF"\napiVersion: fleet.cattle.io/v1alpha1\nkind: GitRepo\nmetadata:\n name: sample\n # This namespace is special and auto-wired to deploy to the local cluster\n namespace: fleet-local\nspec:\n # Everything from this repo will be ran in this cluster. You trust me right?\n repo: "https://github.com/rancher/fleet-examples"\n paths:\n - simple\nEOF\n\nkubectl apply -f example.yaml\n')),(0,a.kt)("h2",{id:"get-status"},"Get Status"),(0,a.kt)("p",null,"Get status of what fleet is doing"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n fleet-local get fleet\n")),(0,a.kt)("p",null,"You should see something like this get created in your cluster."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kubectl get deploy frontend\n")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"NAME READY UP-TO-DATE AVAILABLE AGE\nfrontend 3/3 3 3 116m\n")),(0,a.kt)("p",null,"Enjoy and read the ",(0,a.kt)("a",{parentName:"p",href:"https://rancher.github.io/fleet"},"docs"),"."))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/522d95f1.7df4be61.js b/assets/js/522d95f1.dfb57b7a.js similarity index 98% rename from assets/js/522d95f1.7df4be61.js rename to assets/js/522d95f1.dfb57b7a.js index f6547391d..8ea85b922 100644 --- a/assets/js/522d95f1.7df4be61.js +++ b/assets/js/522d95f1.dfb57b7a.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5279],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var o=r.createContext({}),c=function(e){var t=r.useContext(o),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(o.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,o=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),m=c(n),d=l,h=m["".concat(o,".").concat(d)]||m[d]||p[d]||a;return n?r.createElement(h,i(i({ref:t},u),{},{components:n})):r.createElement(h,i({ref:t},u))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,i=new Array(a);i[0]=m;var s={};for(var o in t)hasOwnProperty.call(t,o)&&(s[o]=t[o]);s.originalType=e,s.mdxType="string"==typeof e?e:l,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>o,contentTitle:()=>i,default:()=>p,frontMatter:()=>a,metadata:()=>s,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const a={},i="Multi-cluster Install",s={unversionedId:"multi-cluster-install",id:"version-0.4/multi-cluster-install",title:"Multi-cluster Install",description:"Note: Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under Continuous Delivery on Rancher.",source:"@site/versioned_docs/version-0.4/multi-cluster-install.md",sourceDirName:".",slug:"/multi-cluster-install",permalink:"/0.4/multi-cluster-install",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/multi-cluster-install.md",tags:[],version:"0.4",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Single Cluster Install",permalink:"/0.4/single-cluster-install"},next:{title:"Uninstall",permalink:"/0.4/uninstall"}},o={},c=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Helm 3",id:"helm-3",level:3},{value:"Kubernetes",id:"kubernetes",level:3},{value:"API Server URL and CA certificate",id:"api-server-url-and-ca-certificate",level:2},{value:"Install",id:"install",level:2}],u={toc:c};function p(e){let{components:t,...a}=e;return(0,l.kt)("wrapper",(0,r.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"multi-cluster-install"},"Multi-cluster Install"),(0,l.kt)("p",null,(0,l.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,l.kt)("p",null,(0,l.kt)("strong",{parentName:"p"},"Note:")," Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under ",(0,l.kt)("inlineCode",{parentName:"p"},"Continuous Delivery")," on Rancher."),(0,l.kt)("p",null,(0,l.kt)("strong",{parentName:"p"},"Warning:")," The multi-cluster install described below is ",(0,l.kt)("strong",{parentName:"p"},"only")," covered in standalone Fleet, which is untested by Rancher QA. "),(0,l.kt)("p",null,"In the below use case, you will setup a centralized Fleet manager. The centralized Fleet manager is a\nKubernetes cluster running the Fleet controllers. After installing the Fleet manager, you will then\nneed to register remote downstream clusters with the Fleet manager."),(0,l.kt)("h2",{id:"prerequisites"},"Prerequisites"),(0,l.kt)("h3",{id:"helm-3"},"Helm 3"),(0,l.kt)("p",null,"Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is\nfairly straight forward. To install the Helm 3 CLI follow the\n",(0,l.kt)("a",{parentName:"p",href:"https://helm.sh/docs/intro/install/"},"official install instructions"),". The TL;DR is"),(0,l.kt)("p",null,"macOS"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,l.kt)("p",null,"Windows"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"choco install kubernetes-helm\n")),(0,l.kt)("h3",{id:"kubernetes"},"Kubernetes"),(0,l.kt)("p",null,"The Fleet manager is a controller running on a Kubernetes cluster so an existing cluster is required. All\ndownstream cluster that will be managed will need to communicate to this central Kubernetes cluster. This\nmeans the Kubernetes API server URL must be accessible to the downstream clusters. Any Kubernetes community\nsupported version of Kubernetes will work, in practice this means 1.15 or greater."),(0,l.kt)("h2",{id:"api-server-url-and-ca-certificate"},"API Server URL and CA certificate"),(0,l.kt)("p",null,"In order for your Fleet management installation to properly work it is important\nthe correct API server URL and CA certificates are configured properly. The Fleet agents\nwill communicate to the Kubernetes API server URL. This means the Kubernetes\nAPI server must be accessible to the downstream clusters. You will also need\nto obtain the CA certificate of the API server. The easiest way to obtain this information\nis typically from your kubeconfig file (",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config"),"). The ",(0,l.kt)("inlineCode",{parentName:"p"},"server"),",\n",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority-data"),", or ",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority")," fields will have these values."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nclusters:\n- cluster:\n certificate-authority-data: LS0tLS1CRUdJTi...\n server: https://example.com:6443\n")),(0,l.kt)("p",null,"Please note that the ",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," field is base64 encoded and will need to be\ndecoded before you save it into a file. This can be done by saving the base64 encoded contents to\na file and then running"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"base64 -d encoded-file > ca.pem\n")),(0,l.kt)("p",null,"If you have ",(0,l.kt)("inlineCode",{parentName:"p"},"jq")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"base64")," available then this one-liners will pull all CA certificates from your\n",(0,l.kt)("inlineCode",{parentName:"p"},"KUBECONFIG")," and place then in a file named ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem"),"."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl config view -o json --raw | jq -r '.clusters[].cluster[\"certificate-authority-data\"]' | base64 -d > ca.pem\n")),(0,l.kt)("p",null,"If you have a multi-cluster setup, you can use this command:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nkubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTERNAME").cluster["certificate-authority-data"]\' | base64 -d > ca.pem\n')),(0,l.kt)("h2",{id:"install"},"Install"),(0,l.kt)("p",null,"In the following example it will be assumed the API server URL from the ",(0,l.kt)("inlineCode",{parentName:"p"},"KUBECONFIG")," which is ",(0,l.kt)("inlineCode",{parentName:"p"},"https://example.com:6443"),"\nand the CA certificate is in the file ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem"),". If your API server URL is signed by a well-known CA you can\nomit the ",(0,l.kt)("inlineCode",{parentName:"p"},"apiServerCA")," parameter below or just create an empty ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem")," file (ie ",(0,l.kt)("inlineCode",{parentName:"p"},"touch ca.pem"),")."),(0,l.kt)("p",null,"Run the following commands"),(0,l.kt)("p",null,"Setup the environment with your specific values."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'API_SERVER_URL="https://example.com:6443"\nAPI_SERVER_CA="ca.pem"\n')),(0,l.kt)("p",null,"If you have a multi-cluster setup, you can use this command:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nAPI_SERVER_URL=$(kubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTER").cluster["server"]\')\n# Leave empty if your API server is signed by a well known CA\nAPI_SERVER_CA="ca.pem"\n')),(0,l.kt)("p",null,"First validate the server URL is correct."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"curl -fLk ${API_SERVER_URL}/version\n")),(0,l.kt)("p",null,"The output of this command should be JSON with the version of the Kubernetes server or a ",(0,l.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," error.\nIf you do not get either of these results than please ensure you have the correct URL. The API server port is typically\n6443 for Kubernetes."),(0,l.kt)("p",null,"Next validate that the CA certificate is proper by running the below command. If your API server is signed by a\nwell known CA then omit the ",(0,l.kt)("inlineCode",{parentName:"p"},"--cacert ${API_SERVER_CA}")," part of the command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"curl -fL --cacert ${API_SERVER_CA} ${API_SERVER_URL}/version\n")),(0,l.kt)("p",null,"If you get a valid JSON response or an ",(0,l.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," then it worked. The Unauthorized error is\nonly because the curl command is not setting proper credentials, but this validates that the TLS\nconnection work and the ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem")," is correct for this URL. If you get a ",(0,l.kt)("inlineCode",{parentName:"p"},"SSL certificate problem")," then\nthe ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem")," is not correct. The contents of the ",(0,l.kt)("inlineCode",{parentName:"p"},"${API_SERVER_CA}")," file should look similar to the below"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"-----BEGIN CERTIFICATE-----\nMIIBVjCB/qADAgECAgEAMAoGCCqGSM49BAMCMCMxITAfBgNVBAMMGGszcy1zZXJ2\nZXItY2FAMTU5ODM5MDQ0NzAeFw0yMDA4MjUyMTIwNDdaFw0zMDA4MjMyMTIwNDda\nMCMxITAfBgNVBAMMGGszcy1zZXJ2ZXItY2FAMTU5ODM5MDQ0NzBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDXlQNkXnwUPdbSgGz5Rk6U9ldGFjF6y1YyF36cNGk4E\n0lMgNcVVD9gKuUSXEJk8tzHz3ra/+yTwSL5xQeLHBl+jIzAhMA4GA1UdDwEB/wQE\nAwICpDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIFMtZ5gGDoDs\nciRyve+T4xbRNVHES39tjjup/LuN4tAgAiAteeB3jgpTMpZyZcOOHl9gpZ8PgEcN\nKDs/pb3fnMTtpA==\n-----END CERTIFICATE-----\n")),(0,l.kt)("p",null,"Once you have validated the API server URL and API server CA parameters, install the following two\nHelm charts."),(0,l.kt)("p",null,"First install the Fleet CustomResourcesDefintions."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system install --create-namespace --wait fleet-crd https://github.com/rancher/fleet/releases/download/v0.4.0/fleet-crd-0.4.0.tgz\n")),(0,l.kt)("p",null,"Second install the Fleet controllers."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set apiServerURL="${API_SERVER_URL}" \\\n --set-file apiServerCA="${API_SERVER_CA}" \\\n fleet https://github.com/rancher/fleet/releases/download/v0.4.0/fleet-0.4.0.tgz\n')),(0,l.kt)("p",null,"Fleet should be ready to use. You can check the status of the Fleet controller pods by running the below commands."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,l.kt)("p",null,"At this point the Fleet manager should be ready. You can now ",(0,l.kt)("a",{parentName:"p",href:"/0.4/cluster-overview"},"register clusters")," and ",(0,l.kt)("a",{parentName:"p",href:"/0.4/gitrepo-add"},"git repos")," with\nthe Fleet manager."))}p.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5279],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var o=r.createContext({}),c=function(e){var t=r.useContext(o),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(o.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,o=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),m=c(n),d=l,h=m["".concat(o,".").concat(d)]||m[d]||p[d]||a;return n?r.createElement(h,i(i({ref:t},u),{},{components:n})):r.createElement(h,i({ref:t},u))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,i=new Array(a);i[0]=m;var s={};for(var o in t)hasOwnProperty.call(t,o)&&(s[o]=t[o]);s.originalType=e,s.mdxType="string"==typeof e?e:l,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>o,contentTitle:()=>i,default:()=>p,frontMatter:()=>a,metadata:()=>s,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const a={},i="Multi-cluster Install",s={unversionedId:"multi-cluster-install",id:"version-0.4/multi-cluster-install",title:"Multi-cluster Install",description:"Note: Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under Continuous Delivery on Rancher.",source:"@site/versioned_docs/version-0.4/multi-cluster-install.md",sourceDirName:".",slug:"/multi-cluster-install",permalink:"/0.4/multi-cluster-install",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/multi-cluster-install.md",tags:[],version:"0.4",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Single Cluster Install",permalink:"/0.4/single-cluster-install"},next:{title:"Uninstall",permalink:"/0.4/uninstall"}},o={},c=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Helm 3",id:"helm-3",level:3},{value:"Kubernetes",id:"kubernetes",level:3},{value:"API Server URL and CA certificate",id:"api-server-url-and-ca-certificate",level:2},{value:"Install",id:"install",level:2}],u={toc:c};function p(e){let{components:t,...a}=e;return(0,l.kt)("wrapper",(0,r.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"multi-cluster-install"},"Multi-cluster Install"),(0,l.kt)("p",null,(0,l.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,l.kt)("p",null,(0,l.kt)("strong",{parentName:"p"},"Note:")," Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under ",(0,l.kt)("inlineCode",{parentName:"p"},"Continuous Delivery")," on Rancher."),(0,l.kt)("p",null,(0,l.kt)("strong",{parentName:"p"},"Warning:")," The multi-cluster install described below is ",(0,l.kt)("strong",{parentName:"p"},"only")," covered in standalone Fleet, which is untested by Rancher QA. "),(0,l.kt)("p",null,"In the below use case, you will setup a centralized Fleet manager. The centralized Fleet manager is a\nKubernetes cluster running the Fleet controllers. After installing the Fleet manager, you will then\nneed to register remote downstream clusters with the Fleet manager."),(0,l.kt)("h2",{id:"prerequisites"},"Prerequisites"),(0,l.kt)("h3",{id:"helm-3"},"Helm 3"),(0,l.kt)("p",null,"Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is\nfairly straight forward. To install the Helm 3 CLI follow the\n",(0,l.kt)("a",{parentName:"p",href:"https://helm.sh/docs/intro/install/"},"official install instructions"),". The TL;DR is"),(0,l.kt)("p",null,"macOS"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,l.kt)("p",null,"Windows"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"choco install kubernetes-helm\n")),(0,l.kt)("h3",{id:"kubernetes"},"Kubernetes"),(0,l.kt)("p",null,"The Fleet manager is a controller running on a Kubernetes cluster so an existing cluster is required. All\ndownstream cluster that will be managed will need to communicate to this central Kubernetes cluster. This\nmeans the Kubernetes API server URL must be accessible to the downstream clusters. Any Kubernetes community\nsupported version of Kubernetes will work, in practice this means 1.15 or greater."),(0,l.kt)("h2",{id:"api-server-url-and-ca-certificate"},"API Server URL and CA certificate"),(0,l.kt)("p",null,"In order for your Fleet management installation to properly work it is important\nthe correct API server URL and CA certificates are configured properly. The Fleet agents\nwill communicate to the Kubernetes API server URL. This means the Kubernetes\nAPI server must be accessible to the downstream clusters. You will also need\nto obtain the CA certificate of the API server. The easiest way to obtain this information\nis typically from your kubeconfig file (",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config"),"). The ",(0,l.kt)("inlineCode",{parentName:"p"},"server"),",\n",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority-data"),", or ",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority")," fields will have these values."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nclusters:\n- cluster:\n certificate-authority-data: LS0tLS1CRUdJTi...\n server: https://example.com:6443\n")),(0,l.kt)("p",null,"Please note that the ",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," field is base64 encoded and will need to be\ndecoded before you save it into a file. This can be done by saving the base64 encoded contents to\na file and then running"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"base64 -d encoded-file > ca.pem\n")),(0,l.kt)("p",null,"If you have ",(0,l.kt)("inlineCode",{parentName:"p"},"jq")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"base64")," available then this one-liners will pull all CA certificates from your\n",(0,l.kt)("inlineCode",{parentName:"p"},"KUBECONFIG")," and place then in a file named ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem"),"."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl config view -o json --raw | jq -r '.clusters[].cluster[\"certificate-authority-data\"]' | base64 -d > ca.pem\n")),(0,l.kt)("p",null,"If you have a multi-cluster setup, you can use this command:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nkubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTERNAME").cluster["certificate-authority-data"]\' | base64 -d > ca.pem\n')),(0,l.kt)("h2",{id:"install"},"Install"),(0,l.kt)("p",null,"In the following example it will be assumed the API server URL from the ",(0,l.kt)("inlineCode",{parentName:"p"},"KUBECONFIG")," which is ",(0,l.kt)("inlineCode",{parentName:"p"},"https://example.com:6443"),"\nand the CA certificate is in the file ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem"),". If your API server URL is signed by a well-known CA you can\nomit the ",(0,l.kt)("inlineCode",{parentName:"p"},"apiServerCA")," parameter below or just create an empty ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem")," file (ie ",(0,l.kt)("inlineCode",{parentName:"p"},"touch ca.pem"),")."),(0,l.kt)("p",null,"Run the following commands"),(0,l.kt)("p",null,"Setup the environment with your specific values."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'API_SERVER_URL="https://example.com:6443"\nAPI_SERVER_CA="ca.pem"\n')),(0,l.kt)("p",null,"If you have a multi-cluster setup, you can use this command:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nAPI_SERVER_URL=$(kubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTER").cluster["server"]\')\n# Leave empty if your API server is signed by a well known CA\nAPI_SERVER_CA="ca.pem"\n')),(0,l.kt)("p",null,"First validate the server URL is correct."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"curl -fLk ${API_SERVER_URL}/version\n")),(0,l.kt)("p",null,"The output of this command should be JSON with the version of the Kubernetes server or a ",(0,l.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," error.\nIf you do not get either of these results than please ensure you have the correct URL. The API server port is typically\n6443 for Kubernetes."),(0,l.kt)("p",null,"Next validate that the CA certificate is proper by running the below command. If your API server is signed by a\nwell known CA then omit the ",(0,l.kt)("inlineCode",{parentName:"p"},"--cacert ${API_SERVER_CA}")," part of the command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"curl -fL --cacert ${API_SERVER_CA} ${API_SERVER_URL}/version\n")),(0,l.kt)("p",null,"If you get a valid JSON response or an ",(0,l.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," then it worked. The Unauthorized error is\nonly because the curl command is not setting proper credentials, but this validates that the TLS\nconnection work and the ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem")," is correct for this URL. If you get a ",(0,l.kt)("inlineCode",{parentName:"p"},"SSL certificate problem")," then\nthe ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem")," is not correct. The contents of the ",(0,l.kt)("inlineCode",{parentName:"p"},"${API_SERVER_CA}")," file should look similar to the below"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"-----BEGIN CERTIFICATE-----\nMIIBVjCB/qADAgECAgEAMAoGCCqGSM49BAMCMCMxITAfBgNVBAMMGGszcy1zZXJ2\nZXItY2FAMTU5ODM5MDQ0NzAeFw0yMDA4MjUyMTIwNDdaFw0zMDA4MjMyMTIwNDda\nMCMxITAfBgNVBAMMGGszcy1zZXJ2ZXItY2FAMTU5ODM5MDQ0NzBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDXlQNkXnwUPdbSgGz5Rk6U9ldGFjF6y1YyF36cNGk4E\n0lMgNcVVD9gKuUSXEJk8tzHz3ra/+yTwSL5xQeLHBl+jIzAhMA4GA1UdDwEB/wQE\nAwICpDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIFMtZ5gGDoDs\nciRyve+T4xbRNVHES39tjjup/LuN4tAgAiAteeB3jgpTMpZyZcOOHl9gpZ8PgEcN\nKDs/pb3fnMTtpA==\n-----END CERTIFICATE-----\n")),(0,l.kt)("p",null,"Once you have validated the API server URL and API server CA parameters, install the following two\nHelm charts."),(0,l.kt)("p",null,"First install the Fleet CustomResourcesDefintions."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system install --create-namespace --wait fleet-crd https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-crd-0.4.1.tgz\n")),(0,l.kt)("p",null,"Second install the Fleet controllers."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set apiServerURL="${API_SERVER_URL}" \\\n --set-file apiServerCA="${API_SERVER_CA}" \\\n fleet https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-0.4.1.tgz\n')),(0,l.kt)("p",null,"Fleet should be ready to use. You can check the status of the Fleet controller pods by running the below commands."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,l.kt)("p",null,"At this point the Fleet manager should be ready. You can now ",(0,l.kt)("a",{parentName:"p",href:"/0.4/cluster-overview"},"register clusters")," and ",(0,l.kt)("a",{parentName:"p",href:"/0.4/gitrepo-add"},"git repos")," with\nthe Fleet manager."))}p.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file diff --git a/assets/js/5281b7a2.5019f693.js b/assets/js/5281b7a2.4009f0ec.js similarity index 98% rename from assets/js/5281b7a2.5019f693.js rename to assets/js/5281b7a2.4009f0ec.js index 4c5ad8606..e292ee763 100644 --- a/assets/js/5281b7a2.5019f693.js +++ b/assets/js/5281b7a2.4009f0ec.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5927],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},h=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),h=c(n),m=a,d=h["".concat(l,".").concat(m)]||h[m]||p[m]||o;return n?r.createElement(d,s(s({ref:t},u),{},{components:n})):r.createElement(d,s({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,s=new Array(o);s[0]=h;var i={};for(var l in t)hasOwnProperty.call(t,l)&&(i[l]=t[l]);i.originalType=e,i.mdxType="string"==typeof e?e:a,s[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>s,default:()=>p,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},s="Architecture",i={unversionedId:"architecture",id:"architecture",title:"Architecture",description:"Fleet has two primary components. The Fleet manager and the cluster agents. These",source:"@site/docs/architecture.md",sourceDirName:".",slug:"/architecture",permalink:"/architecture",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/architecture.md",tags:[],version:"current",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Core Concepts",permalink:"/concepts"},next:{title:"Examples",permalink:"/examples"}},l={},c=[{value:"Fleet Manager",id:"fleet-manager",level:2},{value:"Cluster Agents",id:"cluster-agents",level:2},{value:"Security",id:"security",level:2}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"architecture"},"Architecture"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,a.kt)("p",null,"Fleet has two primary components. The Fleet manager and the cluster agents. These\ncomponents work in a two-stage pull model. The Fleet manager will pull from git and the\ncluster agents will pull from the Fleet manager."),(0,a.kt)("h2",{id:"fleet-manager"},"Fleet Manager"),(0,a.kt)("p",null,"The Fleet manager is a set of Kubernetes controllers running in any standard Kubernetes\ncluster. The only API exposed by the Fleet manager is the Kubernetes API, there is no\ncustom API for the fleet controller."),(0,a.kt)("h2",{id:"cluster-agents"},"Cluster Agents"),(0,a.kt)("p",null,"One cluster agent runs in each cluster and is responsible for talking to the Fleet manager.\nThe only communication from cluster to Fleet manager is by this agent and all communication\ngoes from the managed cluster to the Fleet manager. The fleet manager does not initiate\nconnections to downstream clusters. This means managed clusters can run in private networks and behind\nNATs. The only requirement is the cluster agent needs to be able to communicate with the\nKubernetes API of the cluster running the Fleet manager. The one exception to this is if you use\nthe ",(0,a.kt)("a",{parentName:"p",href:"/manager-initiated"},"manager initiated")," cluster registration flow. This is not required, but\nan optional pattern."),(0,a.kt)("p",null,'The cluster agents are not assumed to have an "always on" connection. They will resume operation as\nsoon as they can connect. Future enhancements will probably add the ability to schedule times of when\nthe agent checks in, as it stands right now they will always attempt to connect.'),(0,a.kt)("h2",{id:"security"},"Security"),(0,a.kt)("p",null,'The Fleet manager dynamically creates service accounts, manages their RBAC and then gives the\ntokens to the downstream clusters. Clusters are registered by optionally expiring cluster registration tokens.\nThe cluster registration token is used only during the registration process to generate a credential specific\nto that cluster. After the cluster credential is established the cluster "forgets" the cluster registration\ntoken.'),(0,a.kt)("p",null,"The service accounts given to the clusters only have privileges to list ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," in the namespace created\nspecifically for that cluster. It can also update the ",(0,a.kt)("inlineCode",{parentName:"p"},"status")," subresource of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," and the ",(0,a.kt)("inlineCode",{parentName:"p"},"status"),"\nsubresource of it's ",(0,a.kt)("inlineCode",{parentName:"p"},"Cluster")," resource."))}p.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5927],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},h=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),h=c(n),m=a,d=h["".concat(l,".").concat(m)]||h[m]||p[m]||o;return n?r.createElement(d,s(s({ref:t},u),{},{components:n})):r.createElement(d,s({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,s=new Array(o);s[0]=h;var i={};for(var l in t)hasOwnProperty.call(t,l)&&(i[l]=t[l]);i.originalType=e,i.mdxType="string"==typeof e?e:a,s[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>s,default:()=>p,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},s="Architecture",i={unversionedId:"architecture",id:"architecture",title:"Architecture",description:"Fleet has two primary components. The Fleet manager and the cluster agents. These",source:"@site/docs/architecture.md",sourceDirName:".",slug:"/architecture",permalink:"/architecture",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/architecture.md",tags:[],version:"current",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Core Concepts",permalink:"/concepts"},next:{title:"Examples",permalink:"/examples"}},l={},c=[{value:"Fleet Manager",id:"fleet-manager",level:2},{value:"Cluster Agents",id:"cluster-agents",level:2},{value:"Security",id:"security",level:2}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"architecture"},"Architecture"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,a.kt)("p",null,"Fleet has two primary components. The Fleet manager and the cluster agents. These\ncomponents work in a two-stage pull model. The Fleet manager will pull from git and the\ncluster agents will pull from the Fleet manager."),(0,a.kt)("h2",{id:"fleet-manager"},"Fleet Manager"),(0,a.kt)("p",null,"The Fleet manager is a set of Kubernetes controllers running in any standard Kubernetes\ncluster. The only API exposed by the Fleet manager is the Kubernetes API, there is no\ncustom API for the fleet controller."),(0,a.kt)("h2",{id:"cluster-agents"},"Cluster Agents"),(0,a.kt)("p",null,"One cluster agent runs in each cluster and is responsible for talking to the Fleet manager.\nThe only communication from cluster to Fleet manager is by this agent and all communication\ngoes from the managed cluster to the Fleet manager. The fleet manager does not initiate\nconnections to downstream clusters. This means managed clusters can run in private networks and behind\nNATs. The only requirement is the cluster agent needs to be able to communicate with the\nKubernetes API of the cluster running the Fleet manager. The one exception to this is if you use\nthe ",(0,a.kt)("a",{parentName:"p",href:"/manager-initiated"},"manager initiated")," cluster registration flow. This is not required, but\nan optional pattern."),(0,a.kt)("p",null,'The cluster agents are not assumed to have an "always on" connection. They will resume operation as\nsoon as they can connect. Future enhancements will probably add the ability to schedule times of when\nthe agent checks in, as it stands right now they will always attempt to connect.'),(0,a.kt)("h2",{id:"security"},"Security"),(0,a.kt)("p",null,'The Fleet manager dynamically creates service accounts, manages their RBAC and then gives the\ntokens to the downstream clusters. Clusters are registered by optionally expiring cluster registration tokens.\nThe cluster registration token is used only during the registration process to generate a credential specific\nto that cluster. After the cluster credential is established the cluster "forgets" the cluster registration\ntoken.'),(0,a.kt)("p",null,"The service accounts given to the clusters only have privileges to list ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," in the namespace created\nspecifically for that cluster. It can also update the ",(0,a.kt)("inlineCode",{parentName:"p"},"status")," subresource of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," and the ",(0,a.kt)("inlineCode",{parentName:"p"},"status"),"\nsubresource of it's ",(0,a.kt)("inlineCode",{parentName:"p"},"Cluster")," resource."))}p.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file diff --git a/assets/js/5379b7b3.103ba006.js b/assets/js/5379b7b3.c638c193.js similarity index 97% rename from assets/js/5379b7b3.103ba006.js rename to assets/js/5379b7b3.c638c193.js index 8d9aa1248..bb36f8c83 100644 --- a/assets/js/5379b7b3.103ba006.js +++ b/assets/js/5379b7b3.c638c193.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8228],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>g});var n=r(7294);function i(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function a(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(i[r]=e[r]);return i}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(i[r]=e[r])}return i}var l=n.createContext({}),c=function(e){var t=n.useContext(l),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},u=function(e){var t=c(e.components);return n.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,i=e.mdxType,a=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(r),g=i,m=d["".concat(l,".").concat(g)]||d[g]||p[g]||a;return r?n.createElement(m,o(o({ref:t},u),{},{components:r})):n.createElement(m,o({ref:t},u))}));function g(e,t){var r=arguments,i=t&&t.mdxType;if("string"==typeof e||i){var a=r.length,o=new Array(a);o[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:i,o[1]=s;for(var c=2;c{r.r(t),r.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>a,metadata:()=>s,toc:()=>c});var n=r(7462),i=(r(7294),r(3905));const a={},o="Overview",s={unversionedId:"cluster-overview",id:"version-0.5/cluster-overview",title:"Overview",description:"There are two specific styles to registering clusters. These styles will be referred",source:"@site/versioned_docs/version-0.5/cluster-overview.md",sourceDirName:".",slug:"/cluster-overview",permalink:"/0.5/cluster-overview",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/cluster-overview.md",tags:[],version:"0.5",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Examples",permalink:"/0.5/examples"},next:{title:"Cluster Registration Tokens",permalink:"/0.5/cluster-tokens"}},l={},c=[{value:"Agent Initiated Registration",id:"agent-initiated-registration",level:2},{value:"Manager Initiated Registration",id:"manager-initiated-registration",level:2}],u={toc:c};function p(e){let{components:t,...r}=e;return(0,i.kt)("wrapper",(0,n.Z)({},u,r,{components:t,mdxType:"MDXLayout"}),(0,i.kt)("h1",{id:"overview"},"Overview"),(0,i.kt)("p",null,"There are two specific styles to registering clusters. These styles will be referred\nto as ",(0,i.kt)("strong",{parentName:"p"},"agent initiated")," and ",(0,i.kt)("strong",{parentName:"p"},"manager initiated")," registration. Typically one would\ngo with the agent initiated registration but there are specific use cases in which\nmanager initiated is a better workflow."),(0,i.kt)("h2",{id:"agent-initiated-registration"},"Agent Initiated Registration"),(0,i.kt)("p",null,"Agent initiated refers to a pattern in which the downstream cluster installs an agent with a\n",(0,i.kt)("a",{parentName:"p",href:"/0.5/cluster-tokens"},"cluster registration token")," and optionally a client ID. The cluster\nagent will then make a API request to the Fleet manager and initiate the registration process. Using\nthis process the Manager will never make an outbound API request to the downstream clusters and will thus\nnever need to have direct network access. The downstream cluster only needs to make outbound HTTPS\ncalls to the manager."),(0,i.kt)("h2",{id:"manager-initiated-registration"},"Manager Initiated Registration"),(0,i.kt)("p",null,"Manager initiated registration is a process in which you register an existing Kubernetes cluster\nwith the Fleet manager and the Fleet manager will make an API call to the downstream cluster to\ndeploy the agent. This style can place additional network access requirements because the Fleet\nmanager must be able to communicate with the downstream cluster API server for the registration process.\nAfter the cluster is registered there is no further need for the manager to contact the downstream\ncluster API. This style is more compatible if you wish to manage the creation of all your Kubernetes\nclusters through GitOps using something like ",(0,i.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),"\nor ",(0,i.kt)("a",{parentName:"p",href:"https://github.com/rancher/rancher"},"Rancher"),"."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8228],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>g});var n=r(7294);function i(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function a(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(i[r]=e[r]);return i}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(i[r]=e[r])}return i}var l=n.createContext({}),c=function(e){var t=n.useContext(l),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},u=function(e){var t=c(e.components);return n.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,i=e.mdxType,a=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(r),g=i,m=d["".concat(l,".").concat(g)]||d[g]||p[g]||a;return r?n.createElement(m,o(o({ref:t},u),{},{components:r})):n.createElement(m,o({ref:t},u))}));function g(e,t){var r=arguments,i=t&&t.mdxType;if("string"==typeof e||i){var a=r.length,o=new Array(a);o[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:i,o[1]=s;for(var c=2;c{r.r(t),r.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>a,metadata:()=>s,toc:()=>c});var n=r(7462),i=(r(7294),r(3905));const a={},o="Overview",s={unversionedId:"cluster-overview",id:"version-0.5/cluster-overview",title:"Overview",description:"There are two specific styles to registering clusters. These styles will be referred",source:"@site/versioned_docs/version-0.5/cluster-overview.md",sourceDirName:".",slug:"/cluster-overview",permalink:"/0.5/cluster-overview",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/cluster-overview.md",tags:[],version:"0.5",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Examples",permalink:"/0.5/examples"},next:{title:"Cluster Registration Tokens",permalink:"/0.5/cluster-tokens"}},l={},c=[{value:"Agent Initiated Registration",id:"agent-initiated-registration",level:2},{value:"Manager Initiated Registration",id:"manager-initiated-registration",level:2}],u={toc:c};function p(e){let{components:t,...r}=e;return(0,i.kt)("wrapper",(0,n.Z)({},u,r,{components:t,mdxType:"MDXLayout"}),(0,i.kt)("h1",{id:"overview"},"Overview"),(0,i.kt)("p",null,"There are two specific styles to registering clusters. These styles will be referred\nto as ",(0,i.kt)("strong",{parentName:"p"},"agent initiated")," and ",(0,i.kt)("strong",{parentName:"p"},"manager initiated")," registration. Typically one would\ngo with the agent initiated registration but there are specific use cases in which\nmanager initiated is a better workflow."),(0,i.kt)("h2",{id:"agent-initiated-registration"},"Agent Initiated Registration"),(0,i.kt)("p",null,"Agent initiated refers to a pattern in which the downstream cluster installs an agent with a\n",(0,i.kt)("a",{parentName:"p",href:"/0.5/cluster-tokens"},"cluster registration token")," and optionally a client ID. The cluster\nagent will then make a API request to the Fleet manager and initiate the registration process. Using\nthis process the Manager will never make an outbound API request to the downstream clusters and will thus\nnever need to have direct network access. The downstream cluster only needs to make outbound HTTPS\ncalls to the manager."),(0,i.kt)("h2",{id:"manager-initiated-registration"},"Manager Initiated Registration"),(0,i.kt)("p",null,"Manager initiated registration is a process in which you register an existing Kubernetes cluster\nwith the Fleet manager and the Fleet manager will make an API call to the downstream cluster to\ndeploy the agent. This style can place additional network access requirements because the Fleet\nmanager must be able to communicate with the downstream cluster API server for the registration process.\nAfter the cluster is registered there is no further need for the manager to contact the downstream\ncluster API. This style is more compatible if you wish to manage the creation of all your Kubernetes\nclusters through GitOps using something like ",(0,i.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),"\nor ",(0,i.kt)("a",{parentName:"p",href:"https://github.com/rancher/rancher"},"Rancher"),"."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/57b32f77.1955520b.js b/assets/js/57b32f77.e4ae788c.js similarity index 97% rename from assets/js/57b32f77.1955520b.js rename to assets/js/57b32f77.e4ae788c.js index d9802db87..d44056589 100644 --- a/assets/js/57b32f77.1955520b.js +++ b/assets/js/57b32f77.e4ae788c.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3560],{3905:(e,t,r)=>{r.d(t,{Zo:()=>s,kt:()=>f});var n=r(7294);function o(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function a(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function c(e){for(var t=1;t=0||(o[r]=e[r]);return o}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(o[r]=e[r])}return o}var p=n.createContext({}),l=function(e){var t=n.useContext(p),r=t;return e&&(r="function"==typeof e?e(t):c(c({},t),e)),r},s=function(e){var t=l(e.components);return n.createElement(p.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,o=e.mdxType,a=e.originalType,p=e.parentName,s=i(e,["components","mdxType","originalType","parentName"]),d=l(r),f=o,m=d["".concat(p,".").concat(f)]||d[f]||u[f]||a;return r?n.createElement(m,c(c({ref:t},s),{},{components:r})):n.createElement(m,c({ref:t},s))}));function f(e,t){var r=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var a=r.length,c=new Array(a);c[0]=d;var i={};for(var p in t)hasOwnProperty.call(t,p)&&(i[p]=t[p]);i.originalType=e,i.mdxType="string"==typeof e?e:o,c[1]=i;for(var l=2;l{r.r(t),r.d(t,{assets:()=>p,contentTitle:()=>c,default:()=>u,frontMatter:()=>a,metadata:()=>i,toc:()=>l});var n=r(7462),o=(r(7294),r(3905));const a={},c="GitRepo CRD",i={unversionedId:"ref-crd-gitrepo",id:"ref-crd-gitrepo",title:"GitRepo CRD",description:"The GitRepo resource describes git repositories, how to access them and where the bundles are located.",source:"@site/docs/ref-crd-gitrepo.md",sourceDirName:".",slug:"/ref-crd-gitrepo",permalink:"/ref-crd-gitrepo",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-crd-gitrepo.md",tags:[],version:"current",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster and Bundle State",permalink:"/cluster-bundles-state"},next:{title:"fleet.yaml",permalink:"/ref-fleet-yaml"}},p={},l=[],s={toc:l};function u(e){let{components:t,...r}=e;return(0,o.kt)("wrapper",(0,n.Z)({},s,r,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"gitrepo-crd"},"GitRepo CRD"),(0,o.kt)("p",null,"The GitRepo resource describes git repositories, how to access them and where the bundles are located."),(0,o.kt)("p",null,"A full reference with explanations can be found in ",(0,o.kt)("a",{parentName:"p",href:"./gitrepo-add#create-gitrepo-instance"},"Adding a GitRepo"),"."),(0,o.kt)("p",null,"The content of the resource corresponds to the ",(0,o.kt)("a",{parentName:"p",href:"./ref-crds#gitrepospec"},"GitRepoSpec"),"."))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3560],{3905:(e,t,r)=>{r.d(t,{Zo:()=>s,kt:()=>f});var n=r(7294);function o(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function a(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function c(e){for(var t=1;t=0||(o[r]=e[r]);return o}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(o[r]=e[r])}return o}var p=n.createContext({}),l=function(e){var t=n.useContext(p),r=t;return e&&(r="function"==typeof e?e(t):c(c({},t),e)),r},s=function(e){var t=l(e.components);return n.createElement(p.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,o=e.mdxType,a=e.originalType,p=e.parentName,s=i(e,["components","mdxType","originalType","parentName"]),d=l(r),f=o,m=d["".concat(p,".").concat(f)]||d[f]||u[f]||a;return r?n.createElement(m,c(c({ref:t},s),{},{components:r})):n.createElement(m,c({ref:t},s))}));function f(e,t){var r=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var a=r.length,c=new Array(a);c[0]=d;var i={};for(var p in t)hasOwnProperty.call(t,p)&&(i[p]=t[p]);i.originalType=e,i.mdxType="string"==typeof e?e:o,c[1]=i;for(var l=2;l{r.r(t),r.d(t,{assets:()=>p,contentTitle:()=>c,default:()=>u,frontMatter:()=>a,metadata:()=>i,toc:()=>l});var n=r(7462),o=(r(7294),r(3905));const a={},c="GitRepo CRD",i={unversionedId:"ref-crd-gitrepo",id:"ref-crd-gitrepo",title:"GitRepo CRD",description:"The GitRepo resource describes git repositories, how to access them and where the bundles are located.",source:"@site/docs/ref-crd-gitrepo.md",sourceDirName:".",slug:"/ref-crd-gitrepo",permalink:"/ref-crd-gitrepo",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-crd-gitrepo.md",tags:[],version:"current",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster and Bundle State",permalink:"/cluster-bundles-state"},next:{title:"fleet.yaml",permalink:"/ref-fleet-yaml"}},p={},l=[],s={toc:l};function u(e){let{components:t,...r}=e;return(0,o.kt)("wrapper",(0,n.Z)({},s,r,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"gitrepo-crd"},"GitRepo CRD"),(0,o.kt)("p",null,"The GitRepo resource describes git repositories, how to access them and where the bundles are located."),(0,o.kt)("p",null,"A full reference with explanations can be found in ",(0,o.kt)("a",{parentName:"p",href:"./gitrepo-add#create-gitrepo-instance"},"Adding a GitRepo"),"."),(0,o.kt)("p",null,"The content of the resource corresponds to the ",(0,o.kt)("a",{parentName:"p",href:"./ref-crds#gitrepospec"},"GitRepoSpec"),"."))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/5a165616.2b660d98.js b/assets/js/5a165616.735e5d78.js similarity index 99% rename from assets/js/5a165616.2b660d98.js rename to assets/js/5a165616.735e5d78.js index c13ac7a3e..9e078ec9e 100644 --- a/assets/js/5a165616.2b660d98.js +++ b/assets/js/5a165616.735e5d78.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5764],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>d});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),p=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},c=function(e){var t=p(e.components);return a.createElement(l.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},m=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,i=e.originalType,l=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=p(n),d=r,h=m["".concat(l,".").concat(d)]||m[d]||u[d]||i;return n?a.createElement(h,o(o({ref:t},c),{},{components:n})):a.createElement(h,o({ref:t},c))}));function d(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=n.length,o=new Array(i);o[0]=m;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,o[1]=s;for(var p=2;p{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>u,frontMatter:()=>i,metadata:()=>s,toc:()=>p});var a=n(7462),r=(n(7294),n(3905));const i={},o="Adding a GitRepo",s={unversionedId:"gitrepo-add",id:"gitrepo-add",title:"Adding a GitRepo",description:"Proper namespace",source:"@site/docs/gitrepo-add.md",sourceDirName:".",slug:"/gitrepo-add",permalink:"/gitrepo-add",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/gitrepo-add.md",tags:[],version:"current",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Multi Tenancy",permalink:"/multi-tenancy"},next:{title:"Expected Repo Structure",permalink:"/gitrepo-structure"}},l={},p=[{value:"Proper namespace",id:"proper-namespace",level:2},{value:"Create GitRepo instance",id:"create-gitrepo-instance",level:2},{value:"Adding Private Git Repository",id:"adding-private-git-repository",level:2},{value:"Using HTTP Auth",id:"using-http-auth",level:3},{value:"Using Private Helm Repositories",id:"using-private-helm-repositories",level:2}],c={toc:p};function u(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"adding-a-gitrepo"},"Adding a GitRepo"),(0,r.kt)("h2",{id:"proper-namespace"},"Proper namespace"),(0,r.kt)("p",null,"Git repos are added to the Fleet manager using the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," custom resource type. The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," type is namespaced. By default, Rancher will create two Fleet workspaces: ",(0,r.kt)("strong",{parentName:"p"},"fleet-default")," and ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),"."),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-default")," will contain all the downstream clusters that are already registered through Rancher."),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-local")," will contain the local cluster by default.")),(0,r.kt)("p",null,"Users can create new workspaces and move clusters across workspaces. An example of a special case might be including the local cluster in the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," payload for config maps and secrets (no active deployments or payloads)."),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"While it's possible to move clusters out of either workspace, we recommend that you keep the local cluster in ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local"),".")),(0,r.kt)("p",null,"If you are using Fleet in a ",(0,r.kt)("a",{parentName:"p",href:"/concepts"},"single cluster")," style, the namespace will always be ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),". Check ",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/namespaces/#fleet-local"},"here")," for more on the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace."),(0,r.kt)("p",null,"For a ",(0,r.kt)("a",{parentName:"p",href:"/concepts"},"multi-cluster")," style, please ensure you use the correct repo that will map to the right target clusters."),(0,r.kt)("h2",{id:"create-gitrepo-instance"},"Create GitRepo instance"),(0,r.kt)("p",null,"Git repositories are register by creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," following the below YAML sample. Refer\nto the inline comments as the means of each field"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n # Any name can be used here\n name: my-repo\n # For single cluster use fleet-local, otherwise use the namespace of\n # your choosing\n namespace: fleet-local\nspec:\n # This can be a HTTPS or git URL. If you are using a git URL then\n # clientSecretName will probably need to be set to supply a credential.\n # repo is the only required parameter for a repo to be monitored.\n #\n repo: https://github.com/rancher/fleet-examples\n\n # Enforce all resources go to this target namespace. If a cluster scoped\n # resource is found the deployment will fail.\n #\n # targetNamespace: app1\n\n # Any branch can be watched, this field is optional. If not specified the\n # branch is assumed to be master\n #\n # branch: master\n\n # A specific commit or tag can also be watched.\n #\n # revision: v0.3.0\n\n # For a private registry you must supply a clientSecretName. A default\n # secret can be set at the namespace level using the GitRepoRestriction\n # type. Secrets must be of the type "kubernetes.io/ssh-auth" or\n # "kubernetes.io/basic-auth". The secret is assumed to be in the\n # same namespace as the GitRepo\n #\n # clientSecretName: my-ssh-key\n #\n # If fleet.yaml contains a private Helm repo that requires authentication,\n # provide the credentials in a K8s secret and specify them here.\n # Danger: the credentials will be sent to all repositories referenced from\n # this gitrepo. See section below for more information.\n #\n # helmSecretName: my-helm-secret\n # \n # Helm credentials from helmSecretName will be used if the helm repository url matches this regular expression. \n # Credentials will always be used if it is empty or not provided\n # \n # helmRepoUrlRegex: https://charts.rancher.io/*\n #\n # To add additional ca-bundle for self-signed certs, caBundle can be\n # filled with base64 encoded pem data. For example:\n # `cat /path/to/ca.pem | base64 -w 0`\n #\n # caBundle: my-ca-bundle\n #\n # Disable SSL verification for git repo\n #\n # insecureSkipTLSVerify: true\n #\n # A git repo can read multiple paths in a repo at once.\n # The below field is expected to be an array of paths and\n # supports path globbing (ex: some/*/path)\n #\n # Example:\n # paths:\n # - single-path\n # - multiple-paths/*\n paths:\n - simple\n\n # PollingInterval configures how often fleet checks the git repo. The default\n # is 15 seconds.\n # Setting this to zero does not disable polling. It results in a 15s\n # interval, too.\n #\n # pollingInterval: 15\n\n # Paused causes changes in Git to not be propagated down to the clusters but\n # instead mark resources as OutOfSync\n #\n # paused: false\n\n # Increment this number to force a redeployment of contents from Git\n #\n # forceSyncGeneration: 0\n\n # The service account that will be used to perform this deployment.\n # This is the name of the service account that exists in the\n # downstream cluster in the cattle-fleet-system namespace. It is assumed\n # this service account already exists so it should be create before\n # hand, most likely coming from another git repo registered with\n # the Fleet manager.\n #\n # serviceAccount: moreSecureAccountThanClusterAdmin\n\n # Target clusters to deploy to if running Fleet in a multi-cluster\n # style. Refer to the "Mapping to Downstream Clusters" docs for\n # more information.\n #\n # targets: ...\n')),(0,r.kt)("h2",{id:"adding-private-git-repository"},"Adding Private Git Repository"),(0,r.kt)("p",null,"Fleet supports both http and ssh auth key for private repository. To use this you have to create a secret in the same namespace."),(0,r.kt)("p",null,"For example, to generate a private ssh key"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},'ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"\n')),(0,r.kt)("p",null,"Note: The private key format has to be in ",(0,r.kt)("inlineCode",{parentName:"p"},"EC PRIVATE KEY"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"RSA PRIVATE KEY")," or ",(0,r.kt)("inlineCode",{parentName:"p"},"PRIVATE KEY")," and should not contain a passphase."),(0,r.kt)("p",null,"Put your private key into secret, use the namespace the GitRepo is in:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key --type=kubernetes.io/ssh-auth\n")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"Private key with passphrase is not supported.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"The key has to be in PEM format.")),(0,r.kt)("p",null,"Fleet supports putting ",(0,r.kt)("inlineCode",{parentName:"p"},"known_hosts")," into ssh secret. Here is an example of how to add it:"),(0,r.kt)("p",null,"Fetch the public key hash(take github as an example)"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"ssh-keyscan -H github.com\n")),(0,r.kt)("p",null,"And add it into secret:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: ssh-key\ntype: kubernetes.io/ssh-auth\nstringData:\n ssh-privatekey: \n known_hosts: |-\n |1|YJr1VZoi6dM0oE+zkM0do3Z04TQ=|7MclCn1fLROZG+BgR4m1r8TLwWc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\n")),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"If you don't add it any server's public key will be trusted and added. (",(0,r.kt)("inlineCode",{parentName:"p"},"ssh -o stricthostkeychecking=accept-new")," will be used)")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"If you are using openssh format for the private key and you are creating it in the UI, make sure a carriage return is appended in the end of the private key.")),(0,r.kt)("h3",{id:"using-http-auth"},"Using HTTP Auth"),(0,r.kt)("p",null,"Create a secret containing username and password. You can replace the password with a personal access token if necessary. Also see ",(0,r.kt)("a",{parentName:"p",href:"./troubleshooting#http-secrets-in-github"},"HTTP secrets in Github"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kubectl create secret generic basic-auth-secret -n fleet-default --type=kubernetes.io/basic-auth --from-literal=username=$user --from-literal=password=$pat\n")),(0,r.kt)("p",null,"Just like with SSH, reference the secret in your GitRepo resource via ",(0,r.kt)("inlineCode",{parentName:"p"},"clientSecretName"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"spec:\n repo: https://github.com/fleetrepoci/gitjob-private.git\n branch: main\n clientSecretName: basic-auth-secret\n")),(0,r.kt)("h2",{id:"using-private-helm-repositories"},"Using Private Helm Repositories"),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"The credentials will be used unconditionally for all Helm repositories referenced by the gitrepo resource.\nMake sure you don't leak credentials by mixing public and private repositories. Split them into different gitrepos, or use\n",(0,r.kt)("inlineCode",{parentName:"p"},"helmRepoUrlRegex")," to limit the scope of credentials to certain servers.")),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret with the following keys:"),(0,r.kt)("ol",null,(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"username")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"password")," for basic http auth if the Helm HTTP repo is behind basic auth.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"cacerts")," for custom CA bundle if the Helm repo is using a custom CA.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"ssh-privatekey")," for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently."))),(0,r.kt)("p",null,"For example, to add a secret in kubectl, run"),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem")),(0,r.kt)("p",null,"After secret is created, specify the secret to ",(0,r.kt)("inlineCode",{parentName:"p"},"gitRepo.spec.helmSecretName"),". Make sure secret is created under the same namespace with gitrepo."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"If you are using ",(0,r.kt)("a",{parentName:"p",href:"https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher"},'"rancher-backups"')," and want this secret to be included the backup, please add the label ",(0,r.kt)("inlineCode",{parentName:"p"},"resources.cattle.io/backup: true")," to the secret. In that case, make sure to encrypt the backup to protect sensitive credentials."),(0,r.kt)("h1",{parentName:"admonition",id:"troubleshooting"},"Troubleshooting"),(0,r.kt)("p",{parentName:"admonition"},"See Fleet Troubleshooting section ",(0,r.kt)("a",{parentName:"p",href:"/troubleshooting"},"here"),".")))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5764],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>d});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),p=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},c=function(e){var t=p(e.components);return a.createElement(l.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},m=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,i=e.originalType,l=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=p(n),d=r,h=m["".concat(l,".").concat(d)]||m[d]||u[d]||i;return n?a.createElement(h,o(o({ref:t},c),{},{components:n})):a.createElement(h,o({ref:t},c))}));function d(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=n.length,o=new Array(i);o[0]=m;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,o[1]=s;for(var p=2;p{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>u,frontMatter:()=>i,metadata:()=>s,toc:()=>p});var a=n(7462),r=(n(7294),n(3905));const i={},o="Adding a GitRepo",s={unversionedId:"gitrepo-add",id:"gitrepo-add",title:"Adding a GitRepo",description:"Proper namespace",source:"@site/docs/gitrepo-add.md",sourceDirName:".",slug:"/gitrepo-add",permalink:"/gitrepo-add",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/gitrepo-add.md",tags:[],version:"current",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Multi Tenancy",permalink:"/multi-tenancy"},next:{title:"Expected Repo Structure",permalink:"/gitrepo-structure"}},l={},p=[{value:"Proper namespace",id:"proper-namespace",level:2},{value:"Create GitRepo instance",id:"create-gitrepo-instance",level:2},{value:"Adding Private Git Repository",id:"adding-private-git-repository",level:2},{value:"Using HTTP Auth",id:"using-http-auth",level:3},{value:"Using Private Helm Repositories",id:"using-private-helm-repositories",level:2}],c={toc:p};function u(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"adding-a-gitrepo"},"Adding a GitRepo"),(0,r.kt)("h2",{id:"proper-namespace"},"Proper namespace"),(0,r.kt)("p",null,"Git repos are added to the Fleet manager using the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," custom resource type. The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," type is namespaced. By default, Rancher will create two Fleet workspaces: ",(0,r.kt)("strong",{parentName:"p"},"fleet-default")," and ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),"."),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-default")," will contain all the downstream clusters that are already registered through Rancher."),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-local")," will contain the local cluster by default.")),(0,r.kt)("p",null,"Users can create new workspaces and move clusters across workspaces. An example of a special case might be including the local cluster in the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," payload for config maps and secrets (no active deployments or payloads)."),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"While it's possible to move clusters out of either workspace, we recommend that you keep the local cluster in ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local"),".")),(0,r.kt)("p",null,"If you are using Fleet in a ",(0,r.kt)("a",{parentName:"p",href:"/concepts"},"single cluster")," style, the namespace will always be ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),". Check ",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/namespaces/#fleet-local"},"here")," for more on the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace."),(0,r.kt)("p",null,"For a ",(0,r.kt)("a",{parentName:"p",href:"/concepts"},"multi-cluster")," style, please ensure you use the correct repo that will map to the right target clusters."),(0,r.kt)("h2",{id:"create-gitrepo-instance"},"Create GitRepo instance"),(0,r.kt)("p",null,"Git repositories are register by creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," following the below YAML sample. Refer\nto the inline comments as the means of each field"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n # Any name can be used here\n name: my-repo\n # For single cluster use fleet-local, otherwise use the namespace of\n # your choosing\n namespace: fleet-local\nspec:\n # This can be a HTTPS or git URL. If you are using a git URL then\n # clientSecretName will probably need to be set to supply a credential.\n # repo is the only required parameter for a repo to be monitored.\n #\n repo: https://github.com/rancher/fleet-examples\n\n # Enforce all resources go to this target namespace. If a cluster scoped\n # resource is found the deployment will fail.\n #\n # targetNamespace: app1\n\n # Any branch can be watched, this field is optional. If not specified the\n # branch is assumed to be master\n #\n # branch: master\n\n # A specific commit or tag can also be watched.\n #\n # revision: v0.3.0\n\n # For a private registry you must supply a clientSecretName. A default\n # secret can be set at the namespace level using the GitRepoRestriction\n # type. Secrets must be of the type "kubernetes.io/ssh-auth" or\n # "kubernetes.io/basic-auth". The secret is assumed to be in the\n # same namespace as the GitRepo\n #\n # clientSecretName: my-ssh-key\n #\n # If fleet.yaml contains a private Helm repo that requires authentication,\n # provide the credentials in a K8s secret and specify them here.\n # Danger: the credentials will be sent to all repositories referenced from\n # this gitrepo. See section below for more information.\n #\n # helmSecretName: my-helm-secret\n # \n # Helm credentials from helmSecretName will be used if the helm repository url matches this regular expression. \n # Credentials will always be used if it is empty or not provided\n # \n # helmRepoUrlRegex: https://charts.rancher.io/*\n #\n # To add additional ca-bundle for self-signed certs, caBundle can be\n # filled with base64 encoded pem data. For example:\n # `cat /path/to/ca.pem | base64 -w 0`\n #\n # caBundle: my-ca-bundle\n #\n # Disable SSL verification for git repo\n #\n # insecureSkipTLSVerify: true\n #\n # A git repo can read multiple paths in a repo at once.\n # The below field is expected to be an array of paths and\n # supports path globbing (ex: some/*/path)\n #\n # Example:\n # paths:\n # - single-path\n # - multiple-paths/*\n paths:\n - simple\n\n # PollingInterval configures how often fleet checks the git repo. The default\n # is 15 seconds.\n # Setting this to zero does not disable polling. It results in a 15s\n # interval, too.\n #\n # pollingInterval: 15\n\n # Paused causes changes in Git to not be propagated down to the clusters but\n # instead mark resources as OutOfSync\n #\n # paused: false\n\n # Increment this number to force a redeployment of contents from Git\n #\n # forceSyncGeneration: 0\n\n # The service account that will be used to perform this deployment.\n # This is the name of the service account that exists in the\n # downstream cluster in the cattle-fleet-system namespace. It is assumed\n # this service account already exists so it should be create before\n # hand, most likely coming from another git repo registered with\n # the Fleet manager.\n #\n # serviceAccount: moreSecureAccountThanClusterAdmin\n\n # Target clusters to deploy to if running Fleet in a multi-cluster\n # style. Refer to the "Mapping to Downstream Clusters" docs for\n # more information.\n #\n # targets: ...\n')),(0,r.kt)("h2",{id:"adding-private-git-repository"},"Adding Private Git Repository"),(0,r.kt)("p",null,"Fleet supports both http and ssh auth key for private repository. To use this you have to create a secret in the same namespace."),(0,r.kt)("p",null,"For example, to generate a private ssh key"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},'ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"\n')),(0,r.kt)("p",null,"Note: The private key format has to be in ",(0,r.kt)("inlineCode",{parentName:"p"},"EC PRIVATE KEY"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"RSA PRIVATE KEY")," or ",(0,r.kt)("inlineCode",{parentName:"p"},"PRIVATE KEY")," and should not contain a passphase."),(0,r.kt)("p",null,"Put your private key into secret, use the namespace the GitRepo is in:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key --type=kubernetes.io/ssh-auth\n")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"Private key with passphrase is not supported.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"The key has to be in PEM format.")),(0,r.kt)("p",null,"Fleet supports putting ",(0,r.kt)("inlineCode",{parentName:"p"},"known_hosts")," into ssh secret. Here is an example of how to add it:"),(0,r.kt)("p",null,"Fetch the public key hash(take github as an example)"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"ssh-keyscan -H github.com\n")),(0,r.kt)("p",null,"And add it into secret:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: ssh-key\ntype: kubernetes.io/ssh-auth\nstringData:\n ssh-privatekey: \n known_hosts: |-\n |1|YJr1VZoi6dM0oE+zkM0do3Z04TQ=|7MclCn1fLROZG+BgR4m1r8TLwWc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\n")),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"If you don't add it any server's public key will be trusted and added. (",(0,r.kt)("inlineCode",{parentName:"p"},"ssh -o stricthostkeychecking=accept-new")," will be used)")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"If you are using openssh format for the private key and you are creating it in the UI, make sure a carriage return is appended in the end of the private key.")),(0,r.kt)("h3",{id:"using-http-auth"},"Using HTTP Auth"),(0,r.kt)("p",null,"Create a secret containing username and password. You can replace the password with a personal access token if necessary. Also see ",(0,r.kt)("a",{parentName:"p",href:"./troubleshooting#http-secrets-in-github"},"HTTP secrets in Github"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kubectl create secret generic basic-auth-secret -n fleet-default --type=kubernetes.io/basic-auth --from-literal=username=$user --from-literal=password=$pat\n")),(0,r.kt)("p",null,"Just like with SSH, reference the secret in your GitRepo resource via ",(0,r.kt)("inlineCode",{parentName:"p"},"clientSecretName"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"spec:\n repo: https://github.com/fleetrepoci/gitjob-private.git\n branch: main\n clientSecretName: basic-auth-secret\n")),(0,r.kt)("h2",{id:"using-private-helm-repositories"},"Using Private Helm Repositories"),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"The credentials will be used unconditionally for all Helm repositories referenced by the gitrepo resource.\nMake sure you don't leak credentials by mixing public and private repositories. Split them into different gitrepos, or use\n",(0,r.kt)("inlineCode",{parentName:"p"},"helmRepoUrlRegex")," to limit the scope of credentials to certain servers.")),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret with the following keys:"),(0,r.kt)("ol",null,(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"username")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"password")," for basic http auth if the Helm HTTP repo is behind basic auth.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"cacerts")," for custom CA bundle if the Helm repo is using a custom CA.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"ssh-privatekey")," for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently."))),(0,r.kt)("p",null,"For example, to add a secret in kubectl, run"),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem")),(0,r.kt)("p",null,"After secret is created, specify the secret to ",(0,r.kt)("inlineCode",{parentName:"p"},"gitRepo.spec.helmSecretName"),". Make sure secret is created under the same namespace with gitrepo."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"If you are using ",(0,r.kt)("a",{parentName:"p",href:"https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher"},'"rancher-backups"')," and want this secret to be included the backup, please add the label ",(0,r.kt)("inlineCode",{parentName:"p"},"resources.cattle.io/backup: true")," to the secret. In that case, make sure to encrypt the backup to protect sensitive credentials."),(0,r.kt)("h1",{parentName:"admonition",id:"troubleshooting"},"Troubleshooting"),(0,r.kt)("p",{parentName:"admonition"},"See Fleet Troubleshooting section ",(0,r.kt)("a",{parentName:"p",href:"/troubleshooting"},"here"),".")))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/63e62f73.e7e6729e.js b/assets/js/63e62f73.a86528cb.js similarity index 96% rename from assets/js/63e62f73.e7e6729e.js rename to assets/js/63e62f73.a86528cb.js index 667ca047e..421263a31 100644 --- a/assets/js/63e62f73.e7e6729e.js +++ b/assets/js/63e62f73.a86528cb.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9719],{3905:(e,t,r)=>{r.d(t,{Zo:()=>s,kt:()=>d});var n=r(7294);function l(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function a(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(l[r]=e[r]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(l[r]=e[r])}return l}var i=n.createContext({}),f=function(e){var t=n.useContext(i),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},s=function(e){var t=f(e.components);return n.createElement(i.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},u=n.forwardRef((function(e,t){var r=e.components,l=e.mdxType,a=e.originalType,i=e.parentName,s=c(e,["components","mdxType","originalType","parentName"]),u=f(r),d=l,m=u["".concat(i,".").concat(d)]||u[d]||p[d]||a;return r?n.createElement(m,o(o({ref:t},s),{},{components:r})):n.createElement(m,o({ref:t},s))}));function d(e,t){var r=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=r.length,o=new Array(a);o[0]=u;var c={};for(var i in t)hasOwnProperty.call(t,i)&&(c[i]=t[i]);c.originalType=e,c.mdxType="string"==typeof e?e:l,o[1]=c;for(var f=2;f{r.r(t),r.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>p,frontMatter:()=>a,metadata:()=>c,toc:()=>f});var n=r(7462),l=(r(7294),r(3905));const a={title:"",sidebar_label:"fleet-manager"},o=void 0,c={unversionedId:"cli/fleet-controller/fleet-manager",id:"cli/fleet-controller/fleet-manager",title:"",description:"fleet-manager",source:"@site/docs/cli/fleet-controller/fleet-manager.md",sourceDirName:"cli/fleet-controller",slug:"/cli/fleet-controller/fleet-manager",permalink:"/cli/fleet-controller/fleet-manager",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cli/fleet-controller/fleet-manager.md",tags:[],version:"current",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{title:"",sidebar_label:"fleet-manager"},sidebar:"docs",previous:{title:"fleet test",permalink:"/cli/fleet-cli/fleet_test"}},i={},f=[{value:"fleet-manager",id:"fleet-manager",level:2},{value:"Options",id:"options",level:3}],s={toc:f};function p(e){let{components:t,...r}=e;return(0,l.kt)("wrapper",(0,n.Z)({},s,r,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-manager"},"fleet-manager"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet-manager [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n --disable-bootstrap disable local cluster components\n --disable-gitops disable gitops components\n -h, --help help for fleet-manager\n --kubeconfig string Kubeconfig file\n --namespace string namespace to watch (default "cattle-fleet-system")\n')))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9719],{3905:(e,t,r)=>{r.d(t,{Zo:()=>s,kt:()=>d});var n=r(7294);function l(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function a(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(l[r]=e[r]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(l[r]=e[r])}return l}var i=n.createContext({}),f=function(e){var t=n.useContext(i),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},s=function(e){var t=f(e.components);return n.createElement(i.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},u=n.forwardRef((function(e,t){var r=e.components,l=e.mdxType,a=e.originalType,i=e.parentName,s=c(e,["components","mdxType","originalType","parentName"]),u=f(r),d=l,m=u["".concat(i,".").concat(d)]||u[d]||p[d]||a;return r?n.createElement(m,o(o({ref:t},s),{},{components:r})):n.createElement(m,o({ref:t},s))}));function d(e,t){var r=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=r.length,o=new Array(a);o[0]=u;var c={};for(var i in t)hasOwnProperty.call(t,i)&&(c[i]=t[i]);c.originalType=e,c.mdxType="string"==typeof e?e:l,o[1]=c;for(var f=2;f{r.r(t),r.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>p,frontMatter:()=>a,metadata:()=>c,toc:()=>f});var n=r(7462),l=(r(7294),r(3905));const a={title:"",sidebar_label:"fleet-manager"},o=void 0,c={unversionedId:"cli/fleet-controller/fleet-manager",id:"cli/fleet-controller/fleet-manager",title:"",description:"fleet-manager",source:"@site/docs/cli/fleet-controller/fleet-manager.md",sourceDirName:"cli/fleet-controller",slug:"/cli/fleet-controller/fleet-manager",permalink:"/cli/fleet-controller/fleet-manager",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cli/fleet-controller/fleet-manager.md",tags:[],version:"current",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{title:"",sidebar_label:"fleet-manager"},sidebar:"docs",previous:{title:"fleet test",permalink:"/cli/fleet-cli/fleet_test"}},i={},f=[{value:"fleet-manager",id:"fleet-manager",level:2},{value:"Options",id:"options",level:3}],s={toc:f};function p(e){let{components:t,...r}=e;return(0,l.kt)("wrapper",(0,n.Z)({},s,r,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-manager"},"fleet-manager"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet-manager [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n --disable-bootstrap disable local cluster components\n --disable-gitops disable gitops components\n -h, --help help for fleet-manager\n --kubeconfig string Kubeconfig file\n --namespace string namespace to watch (default "cattle-fleet-system")\n')))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/680ed9ed.1f3e806a.js b/assets/js/680ed9ed.ee30c6a1.js similarity index 98% rename from assets/js/680ed9ed.1f3e806a.js rename to assets/js/680ed9ed.ee30c6a1.js index 5eedb08c3..57174c663 100644 --- a/assets/js/680ed9ed.1f3e806a.js +++ b/assets/js/680ed9ed.ee30c6a1.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[835],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),s=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=s(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,i=e.originalType,l=e.parentName,u=c(e,["components","mdxType","originalType","parentName"]),d=s(n),m=a,g=d["".concat(l,".").concat(m)]||d[m]||p[m]||i;return n?r.createElement(g,o(o({ref:t},u),{},{components:n})):r.createElement(g,o({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=n.length,o=new Array(i);o[0]=d;var c={};for(var l in t)hasOwnProperty.call(t,l)&&(c[l]=t[l]);c.originalType=e,c.mdxType="string"==typeof e?e:a,o[1]=c;for(var s=2;s{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>c,toc:()=>s});var r=n(7462),a=(n(7294),n(3905));const i={},o="Manager Initiated",c={unversionedId:"manager-initiated",id:"version-0.4/manager-initiated",title:"Manager Initiated",description:"Refer to the overview page for a background information on the manager initiated registration style.",source:"@site/versioned_docs/version-0.4/manager-initiated.md",sourceDirName:".",slug:"/manager-initiated",permalink:"/0.4/manager-initiated",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/manager-initiated.md",tags:[],version:"0.4",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Agent Initiated",permalink:"/0.4/agent-initiated"},next:{title:"Cluster Groups",permalink:"/0.4/cluster-group"}},l={},s=[{value:"Kubeconfig Secret",id:"kubeconfig-secret",level:2},{value:"Example",id:"example",level:2},{value:"Kubeconfig Secret",id:"kubeconfig-secret-1",level:3},{value:"Cluster",id:"cluster",level:3}],u={toc:s};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"manager-initiated"},"Manager Initiated"),(0,a.kt)("p",null,"Refer to the ",(0,a.kt)("a",{parentName:"p",href:"/0.4/cluster-overview#agent-initiated-registration"},"overview page")," for a background information on the manager initiated registration style."),(0,a.kt)("h2",{id:"kubeconfig-secret"},"Kubeconfig Secret"),(0,a.kt)("p",null,"The manager initiated registration flow is accomplished by creating a\n",(0,a.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet Manager that refers to a Kubernetes\n",(0,a.kt)("inlineCode",{parentName:"p"},"Secret")," containing a valid kubeconfig file in the data field called ",(0,a.kt)("inlineCode",{parentName:"p"},"value"),"."),(0,a.kt)("p",null,"The format of this secret is intended to match the ",(0,a.kt)("a",{parentName:"p",href:"https://cluster-api.sigs.k8s.io/developer/architecture/controllers/cluster.html#secrets"},"format"),"\nof the kubeconfig\nsecret used in ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),".\nThis means you can use ",(0,a.kt)("inlineCode",{parentName:"p"},"cluster-api")," to create a cluster that is dynamically\nregistered with Fleet."),(0,a.kt)("h2",{id:"example"},"Example"),(0,a.kt)("h3",{id:"kubeconfig-secret-1"},"Kubeconfig Secret"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: Secret\napiVersion: v1\nmetadata:\n name: my-cluster-kubeconfig\n namespace: clusters\ndata:\n value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==\n")),(0,a.kt)("h3",{id:"cluster"},"Cluster"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'apiVersion: fleet.cattle.io/v1alpha1\nkind: Cluster\nmetadata:\n name: my-cluster\n namespace: clusters\n labels:\n demo: "true"\n env: dev\nspec:\n kubeConfigSecret: my-cluster-kubeconfig\n')))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[835],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),s=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=s(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,i=e.originalType,l=e.parentName,u=c(e,["components","mdxType","originalType","parentName"]),d=s(n),m=a,g=d["".concat(l,".").concat(m)]||d[m]||p[m]||i;return n?r.createElement(g,o(o({ref:t},u),{},{components:n})):r.createElement(g,o({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=n.length,o=new Array(i);o[0]=d;var c={};for(var l in t)hasOwnProperty.call(t,l)&&(c[l]=t[l]);c.originalType=e,c.mdxType="string"==typeof e?e:a,o[1]=c;for(var s=2;s{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>c,toc:()=>s});var r=n(7462),a=(n(7294),n(3905));const i={},o="Manager Initiated",c={unversionedId:"manager-initiated",id:"version-0.4/manager-initiated",title:"Manager Initiated",description:"Refer to the overview page for a background information on the manager initiated registration style.",source:"@site/versioned_docs/version-0.4/manager-initiated.md",sourceDirName:".",slug:"/manager-initiated",permalink:"/0.4/manager-initiated",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/manager-initiated.md",tags:[],version:"0.4",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Agent Initiated",permalink:"/0.4/agent-initiated"},next:{title:"Cluster Groups",permalink:"/0.4/cluster-group"}},l={},s=[{value:"Kubeconfig Secret",id:"kubeconfig-secret",level:2},{value:"Example",id:"example",level:2},{value:"Kubeconfig Secret",id:"kubeconfig-secret-1",level:3},{value:"Cluster",id:"cluster",level:3}],u={toc:s};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"manager-initiated"},"Manager Initiated"),(0,a.kt)("p",null,"Refer to the ",(0,a.kt)("a",{parentName:"p",href:"/0.4/cluster-overview#agent-initiated-registration"},"overview page")," for a background information on the manager initiated registration style."),(0,a.kt)("h2",{id:"kubeconfig-secret"},"Kubeconfig Secret"),(0,a.kt)("p",null,"The manager initiated registration flow is accomplished by creating a\n",(0,a.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet Manager that refers to a Kubernetes\n",(0,a.kt)("inlineCode",{parentName:"p"},"Secret")," containing a valid kubeconfig file in the data field called ",(0,a.kt)("inlineCode",{parentName:"p"},"value"),"."),(0,a.kt)("p",null,"The format of this secret is intended to match the ",(0,a.kt)("a",{parentName:"p",href:"https://cluster-api.sigs.k8s.io/developer/architecture/controllers/cluster.html#secrets"},"format"),"\nof the kubeconfig\nsecret used in ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),".\nThis means you can use ",(0,a.kt)("inlineCode",{parentName:"p"},"cluster-api")," to create a cluster that is dynamically\nregistered with Fleet."),(0,a.kt)("h2",{id:"example"},"Example"),(0,a.kt)("h3",{id:"kubeconfig-secret-1"},"Kubeconfig Secret"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: Secret\napiVersion: v1\nmetadata:\n name: my-cluster-kubeconfig\n namespace: clusters\ndata:\n value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==\n")),(0,a.kt)("h3",{id:"cluster"},"Cluster"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'apiVersion: fleet.cattle.io/v1alpha1\nkind: Cluster\nmetadata:\n name: my-cluster\n namespace: clusters\n labels:\n demo: "true"\n env: dev\nspec:\n kubeConfigSecret: my-cluster-kubeconfig\n')))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/6cf4c0df.ebe26525.js b/assets/js/6cf4c0df.45a4ac69.js similarity index 98% rename from assets/js/6cf4c0df.ebe26525.js rename to assets/js/6cf4c0df.45a4ac69.js index bacfd7c7e..1acb47df2 100644 --- a/assets/js/6cf4c0df.ebe26525.js +++ b/assets/js/6cf4c0df.45a4ac69.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2418],{3905:(e,t,o)=>{o.d(t,{Zo:()=>u,kt:()=>h});var n=o(7294);function r(e,t,o){return t in e?Object.defineProperty(e,t,{value:o,enumerable:!0,configurable:!0,writable:!0}):e[t]=o,e}function a(e,t){var o=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),o.push.apply(o,n)}return o}function i(e){for(var t=1;t=0||(r[o]=e[o]);return r}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,o)&&(r[o]=e[o])}return r}var s=n.createContext({}),c=function(e){var t=n.useContext(s),o=t;return e&&(o="function"==typeof e?e(t):i(i({},t),e)),o},u=function(e){var t=c(e.components);return n.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var o=e.components,r=e.mdxType,a=e.originalType,s=e.parentName,u=l(e,["components","mdxType","originalType","parentName"]),d=c(o),h=r,b=d["".concat(s,".").concat(h)]||d[h]||p[h]||a;return o?n.createElement(b,i(i({ref:t},u),{},{components:o})):n.createElement(b,i({ref:t},u))}));function h(e,t){var o=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var a=o.length,i=new Array(a);i[0]=d;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l.mdxType="string"==typeof e?e:r,i[1]=l;for(var c=2;c{o.r(t),o.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>p,frontMatter:()=>a,metadata:()=>l,toc:()=>c});var n=o(7462),r=(o(7294),o(3905));const a={},i="Webhook",l={unversionedId:"webhook",id:"version-0.5/webhook",title:"Webhook",description:"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,",source:"@site/versioned_docs/version-0.5/webhook.md",sourceDirName:".",slug:"/webhook",permalink:"/0.5/webhook",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/webhook.md",tags:[],version:"0.5",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Generating Diffs for Modified GitRepos",permalink:"/0.5/bundle-diffs"},next:{title:"Image scan",permalink:"/0.5/imagescan"}},s={},c=[{value:"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service.",id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service",level:3},{value:"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example.",id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example",level:3},{value:"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.",id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system",level:3},{value:"4. Go to your git provider and test the connection. You should get a HTTP response code.",id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code",level:3}],u={toc:c};function p(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"webhook"},"Webhook"),(0,r.kt)("p",null,"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,\nGitLab, Bitbucket, Bitbucket Server and Gogs."),(0,r.kt)("h3",{id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service"},"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n name: webhook-ingress\n namespace: cattle-fleet-system\nspec:\n rules:\n - host: your.domain.com\n http:\n paths:\n - path: /\n pathType: Prefix\n backend:\n service:\n name: gitjob\n port:\n number: 80\n")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can configure ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/services-networking/ingress/#tls"},"TLS")," on ingress.")),(0,r.kt)("h3",{id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example"},"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example."),(0,r.kt)("p",null,(0,r.kt)("img",{src:o(696).Z,width:"1830",height:"1563"})),(0,r.kt)("p",null,"Configuring a secret is optional. This is used to validate the webhook payload as the payload should not be trusted by default.\nIf your webhook server is publicly accessible to the Internet, then it is recommended to configure the secret. If you do configure the\nsecret, follow step 3."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"only application/json is supported due to the limitation of webhook library.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"If you configured the webhook the polling interval will be automatically adjusted to 1 hour.")),(0,r.kt)("h3",{id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system"},"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called ",(0,r.kt)("inlineCode",{parentName:"h3"},"gitjob-webhook")," in ",(0,r.kt)("inlineCode",{parentName:"h3"},"cattle-fleet-system"),"."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"Provider"),(0,r.kt)("th",{parentName:"tr",align:null},"K8s Secret Key"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitHub"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"github"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitLab"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gitlab"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucket"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucketServer"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket-server"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"Gogs"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gogs"))))),(0,r.kt)("p",null,"For example, to create a secret containing a GitHub secret to validate the webhook payload, run:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue\n")),(0,r.kt)("h3",{id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code"},"4. Go to your git provider and test the connection. You should get a HTTP response code."))}p.isMDXComponent=!0},696:(e,t,o)=>{o.d(t,{Z:()=>n});const n=o.p+"assets/images/webhook-9c042ab211f1b5438bf70372e92ecdf7.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2418],{3905:(e,t,o)=>{o.d(t,{Zo:()=>u,kt:()=>h});var n=o(7294);function r(e,t,o){return t in e?Object.defineProperty(e,t,{value:o,enumerable:!0,configurable:!0,writable:!0}):e[t]=o,e}function a(e,t){var o=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),o.push.apply(o,n)}return o}function i(e){for(var t=1;t=0||(r[o]=e[o]);return r}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,o)&&(r[o]=e[o])}return r}var s=n.createContext({}),c=function(e){var t=n.useContext(s),o=t;return e&&(o="function"==typeof e?e(t):i(i({},t),e)),o},u=function(e){var t=c(e.components);return n.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var o=e.components,r=e.mdxType,a=e.originalType,s=e.parentName,u=l(e,["components","mdxType","originalType","parentName"]),d=c(o),h=r,b=d["".concat(s,".").concat(h)]||d[h]||p[h]||a;return o?n.createElement(b,i(i({ref:t},u),{},{components:o})):n.createElement(b,i({ref:t},u))}));function h(e,t){var o=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var a=o.length,i=new Array(a);i[0]=d;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l.mdxType="string"==typeof e?e:r,i[1]=l;for(var c=2;c{o.r(t),o.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>p,frontMatter:()=>a,metadata:()=>l,toc:()=>c});var n=o(7462),r=(o(7294),o(3905));const a={},i="Webhook",l={unversionedId:"webhook",id:"version-0.5/webhook",title:"Webhook",description:"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,",source:"@site/versioned_docs/version-0.5/webhook.md",sourceDirName:".",slug:"/webhook",permalink:"/0.5/webhook",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/webhook.md",tags:[],version:"0.5",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Generating Diffs for Modified GitRepos",permalink:"/0.5/bundle-diffs"},next:{title:"Image scan",permalink:"/0.5/imagescan"}},s={},c=[{value:"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service.",id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service",level:3},{value:"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example.",id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example",level:3},{value:"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.",id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system",level:3},{value:"4. Go to your git provider and test the connection. You should get a HTTP response code.",id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code",level:3}],u={toc:c};function p(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"webhook"},"Webhook"),(0,r.kt)("p",null,"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,\nGitLab, Bitbucket, Bitbucket Server and Gogs."),(0,r.kt)("h3",{id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service"},"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n name: webhook-ingress\n namespace: cattle-fleet-system\nspec:\n rules:\n - host: your.domain.com\n http:\n paths:\n - path: /\n pathType: Prefix\n backend:\n service:\n name: gitjob\n port:\n number: 80\n")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can configure ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/services-networking/ingress/#tls"},"TLS")," on ingress.")),(0,r.kt)("h3",{id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example"},"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example."),(0,r.kt)("p",null,(0,r.kt)("img",{src:o(696).Z,width:"1830",height:"1563"})),(0,r.kt)("p",null,"Configuring a secret is optional. This is used to validate the webhook payload as the payload should not be trusted by default.\nIf your webhook server is publicly accessible to the Internet, then it is recommended to configure the secret. If you do configure the\nsecret, follow step 3."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"only application/json is supported due to the limitation of webhook library.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"If you configured the webhook the polling interval will be automatically adjusted to 1 hour.")),(0,r.kt)("h3",{id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system"},"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called ",(0,r.kt)("inlineCode",{parentName:"h3"},"gitjob-webhook")," in ",(0,r.kt)("inlineCode",{parentName:"h3"},"cattle-fleet-system"),"."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"Provider"),(0,r.kt)("th",{parentName:"tr",align:null},"K8s Secret Key"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitHub"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"github"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitLab"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gitlab"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucket"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucketServer"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket-server"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"Gogs"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gogs"))))),(0,r.kt)("p",null,"For example, to create a secret containing a GitHub secret to validate the webhook payload, run:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue\n")),(0,r.kt)("h3",{id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code"},"4. Go to your git provider and test the connection. You should get a HTTP response code."))}p.isMDXComponent=!0},696:(e,t,o)=>{o.d(t,{Z:()=>n});const n=o.p+"assets/images/webhook-9c042ab211f1b5438bf70372e92ecdf7.png"}}]); \ No newline at end of file diff --git a/assets/js/6f2a0b31.098cb515.js b/assets/js/6f2a0b31.806737ac.js similarity index 98% rename from assets/js/6f2a0b31.098cb515.js rename to assets/js/6f2a0b31.806737ac.js index 8cb6d4563..2f5f8d433 100644 --- a/assets/js/6f2a0b31.098cb515.js +++ b/assets/js/6f2a0b31.806737ac.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1266],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function s(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var c=a.createContext({}),i=function(e){var t=a.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},p=function(e){var t=i(e.components);return a.createElement(c.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},m=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,l=e.originalType,c=e.parentName,p=o(e,["components","mdxType","originalType","parentName"]),m=i(n),d=r,f=m["".concat(c,".").concat(d)]||m[d]||u[d]||l;return n?a.createElement(f,s(s({ref:t},p),{},{components:n})):a.createElement(f,s({ref:t},p))}));function d(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=n.length,s=new Array(l);s[0]=m;var o={};for(var c in t)hasOwnProperty.call(t,c)&&(o[c]=t[c]);o.originalType=e,o.mdxType="string"==typeof e?e:r,s[1]=o;for(var i=2;i{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>u,frontMatter:()=>l,metadata:()=>o,toc:()=>i});var a=n(7462),r=(n(7294),n(3905));const l={},s="Multi Tenancy",o={unversionedId:"multi-tenancy",id:"multi-tenancy",title:"Multi Tenancy",description:"Fleet uses Kubernetes RBAC where possible.",source:"@site/docs/multi-tenancy.md",sourceDirName:".",slug:"/multi-tenancy",permalink:"/multi-tenancy",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/multi-tenancy.md",tags:[],version:"current",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Namespaces",permalink:"/namespaces"},next:{title:"Adding a GitRepo",permalink:"/gitrepo-add"}},c={},i=[{value:"Example Tenant",id:"example-tenant",level:2},{value:"Allow Access to Clusters",id:"allow-access-to-clusters",level:2},{value:"Restricting Access to Downstream Clusters",id:"restricting-access-to-downstream-clusters",level:2},{value:"An Example GitRepo Resource",id:"an-example-gitrepo-resource",level:2}],p={toc:i};function u(e){let{components:t,...l}=e;return(0,r.kt)("wrapper",(0,a.Z)({},p,l,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"multi-tenancy"},"Multi Tenancy"),(0,r.kt)("p",null,"Fleet uses Kubernetes RBAC where possible."),(0,r.kt)("p",null,"One addition on top of RBAC is the ",(0,r.kt)("a",{parentName:"p",href:"namespaces#restricting-gitrepos"},(0,r.kt)("inlineCode",{parentName:"a"},"GitRepoRestriction"))," resource, which can be used to control GitRepo resources in a namespace."),(0,r.kt)("p",null,"A multi-tenant fleet setup looks like this:"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},"tenants don't share namespaces, each tenant has one or more namespaces on the\nupstream cluster, where they can create GitRepo resources"),(0,r.kt)("li",{parentName:"ul"},"tenants can't deploy cluster wide resources and are limited to a set of\nnamespaces on downstream clusters"),(0,r.kt)("li",{parentName:"ul"},"clusters are in a separate namespace")),(0,r.kt)("p",null,(0,r.kt)("img",{alt:"Shared Clusters",src:n(9497).Z,width:"2488",height:"1769"})),(0,r.kt)("h2",{id:"example-tenant"},"Example Tenant"),(0,r.kt)("p",null,"This would create a user 'fleetuser', who can only manage GitRepo resources in the 'project1' namespace."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kubectl create serviceaccount fleetuser\nkubectl create namespace project1\nkubectl create -n project1 role fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io\nkubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --role=fleetuser\n")),(0,r.kt)("p",null,"If we want to give access to multiple namespaces, we can use a single cluster role with two role bindings:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kubectl create clusterrole fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io\nkubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser\nkubectl create -n project2 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser\n")),(0,r.kt)("p",null,"This makes sure, tenants can't interfere with GitRepo resources from other tenants, since they don't have access to their namespaces."),(0,r.kt)("h2",{id:"allow-access-to-clusters"},"Allow Access to Clusters"),(0,r.kt)("p",null,"This assumes all GitRepos created by 'fleetuser' have the ",(0,r.kt)("inlineCode",{parentName:"p"},"team: one")," label. Different labels could be used, to select different cluster namespaces."),(0,r.kt)("p",null,"In each of the user's namespaces, as an admin create a ",(0,r.kt)("a",{parentName:"p",href:"./namespaces#cross-namespace-deployments"},(0,r.kt)("inlineCode",{parentName:"a"},"BundleNamespaceMapping")),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: mapping\n namespace: project1\n\n# Bundles to match by label.\n# The labels are defined in the fleet.yaml # labels field or from the\n# GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n team: one\n # or target one repo\n #fleet.cattle.io/repo-name: simpleapp\n\n# Namespaces, containing clusters, to match by label\nnamespaceSelector:\n matchLabels:\n kubernetes.io/metadata.name: fleet-default\n # the label is on the namespace\n #workspace: prod\n")),(0,r.kt)("p",null,"The ",(0,r.kt)("a",{parentName:"p",href:"./gitrepo-targets"},(0,r.kt)("inlineCode",{parentName:"a"},"target")," section")," in the GitRepo resource can be used to deploy only to a subset of the matched clusters."),(0,r.kt)("h2",{id:"restricting-access-to-downstream-clusters"},"Restricting Access to Downstream Clusters"),(0,r.kt)("p",null,"Admins can further restrict tenants by creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," in each of their namespaces."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: project1\n\nallowedTargetNamespaces:\n - project1simpleapp\n")),(0,r.kt)("p",null,"This will deny the creation of cluster wide resources, which may interfere with other tenants and limit the deployment to the 'project1simpleapp' namespace."),(0,r.kt)("h2",{id:"an-example-gitrepo-resource"},"An Example GitRepo Resource"),(0,r.kt)("p",null,"A GitRepo resource create by a tenant, without admin access could look like this:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: simpleapp\n namespace: project1\n labels:\n team: one\n\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - bundle-diffs\n\n targetNamespace: project1simpleapp\n\n # do not match the upstream/local cluster, won't work\n targets:\n - name: dev\n clusterSelector:\n matchLabels:\n env: dev\n")),(0,r.kt)("p",null,"This includes the ",(0,r.kt)("inlineCode",{parentName:"p"},"team: one")," label and and the required ",(0,r.kt)("inlineCode",{parentName:"p"},"targetNamespace"),"."),(0,r.kt)("p",null,"Together with the previous ",(0,r.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," it would target all clusters with a ",(0,r.kt)("inlineCode",{parentName:"p"},"env: dev")," label in the 'fleet-default' namespace."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," do not work with local clusters, so make sure not to target them.")))}u.isMDXComponent=!0},9497:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/images/FleetSharedClusters-b68f6c53b43cbb795e4d81cda9ebc2bc.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1266],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function s(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var c=a.createContext({}),i=function(e){var t=a.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},p=function(e){var t=i(e.components);return a.createElement(c.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},m=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,l=e.originalType,c=e.parentName,p=o(e,["components","mdxType","originalType","parentName"]),m=i(n),d=r,f=m["".concat(c,".").concat(d)]||m[d]||u[d]||l;return n?a.createElement(f,s(s({ref:t},p),{},{components:n})):a.createElement(f,s({ref:t},p))}));function d(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=n.length,s=new Array(l);s[0]=m;var o={};for(var c in t)hasOwnProperty.call(t,c)&&(o[c]=t[c]);o.originalType=e,o.mdxType="string"==typeof e?e:r,s[1]=o;for(var i=2;i{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>u,frontMatter:()=>l,metadata:()=>o,toc:()=>i});var a=n(7462),r=(n(7294),n(3905));const l={},s="Multi Tenancy",o={unversionedId:"multi-tenancy",id:"multi-tenancy",title:"Multi Tenancy",description:"Fleet uses Kubernetes RBAC where possible.",source:"@site/docs/multi-tenancy.md",sourceDirName:".",slug:"/multi-tenancy",permalink:"/multi-tenancy",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/multi-tenancy.md",tags:[],version:"current",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Namespaces",permalink:"/namespaces"},next:{title:"Adding a GitRepo",permalink:"/gitrepo-add"}},c={},i=[{value:"Example Tenant",id:"example-tenant",level:2},{value:"Allow Access to Clusters",id:"allow-access-to-clusters",level:2},{value:"Restricting Access to Downstream Clusters",id:"restricting-access-to-downstream-clusters",level:2},{value:"An Example GitRepo Resource",id:"an-example-gitrepo-resource",level:2}],p={toc:i};function u(e){let{components:t,...l}=e;return(0,r.kt)("wrapper",(0,a.Z)({},p,l,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"multi-tenancy"},"Multi Tenancy"),(0,r.kt)("p",null,"Fleet uses Kubernetes RBAC where possible."),(0,r.kt)("p",null,"One addition on top of RBAC is the ",(0,r.kt)("a",{parentName:"p",href:"namespaces#restricting-gitrepos"},(0,r.kt)("inlineCode",{parentName:"a"},"GitRepoRestriction"))," resource, which can be used to control GitRepo resources in a namespace."),(0,r.kt)("p",null,"A multi-tenant fleet setup looks like this:"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},"tenants don't share namespaces, each tenant has one or more namespaces on the\nupstream cluster, where they can create GitRepo resources"),(0,r.kt)("li",{parentName:"ul"},"tenants can't deploy cluster wide resources and are limited to a set of\nnamespaces on downstream clusters"),(0,r.kt)("li",{parentName:"ul"},"clusters are in a separate namespace")),(0,r.kt)("p",null,(0,r.kt)("img",{alt:"Shared Clusters",src:n(9497).Z,width:"2488",height:"1769"})),(0,r.kt)("h2",{id:"example-tenant"},"Example Tenant"),(0,r.kt)("p",null,"This would create a user 'fleetuser', who can only manage GitRepo resources in the 'project1' namespace."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kubectl create serviceaccount fleetuser\nkubectl create namespace project1\nkubectl create -n project1 role fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io\nkubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --role=fleetuser\n")),(0,r.kt)("p",null,"If we want to give access to multiple namespaces, we can use a single cluster role with two role bindings:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kubectl create clusterrole fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io\nkubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser\nkubectl create -n project2 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser\n")),(0,r.kt)("p",null,"This makes sure, tenants can't interfere with GitRepo resources from other tenants, since they don't have access to their namespaces."),(0,r.kt)("h2",{id:"allow-access-to-clusters"},"Allow Access to Clusters"),(0,r.kt)("p",null,"This assumes all GitRepos created by 'fleetuser' have the ",(0,r.kt)("inlineCode",{parentName:"p"},"team: one")," label. Different labels could be used, to select different cluster namespaces."),(0,r.kt)("p",null,"In each of the user's namespaces, as an admin create a ",(0,r.kt)("a",{parentName:"p",href:"./namespaces#cross-namespace-deployments"},(0,r.kt)("inlineCode",{parentName:"a"},"BundleNamespaceMapping")),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: mapping\n namespace: project1\n\n# Bundles to match by label.\n# The labels are defined in the fleet.yaml # labels field or from the\n# GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n team: one\n # or target one repo\n #fleet.cattle.io/repo-name: simpleapp\n\n# Namespaces, containing clusters, to match by label\nnamespaceSelector:\n matchLabels:\n kubernetes.io/metadata.name: fleet-default\n # the label is on the namespace\n #workspace: prod\n")),(0,r.kt)("p",null,"The ",(0,r.kt)("a",{parentName:"p",href:"./gitrepo-targets"},(0,r.kt)("inlineCode",{parentName:"a"},"target")," section")," in the GitRepo resource can be used to deploy only to a subset of the matched clusters."),(0,r.kt)("h2",{id:"restricting-access-to-downstream-clusters"},"Restricting Access to Downstream Clusters"),(0,r.kt)("p",null,"Admins can further restrict tenants by creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," in each of their namespaces."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: project1\n\nallowedTargetNamespaces:\n - project1simpleapp\n")),(0,r.kt)("p",null,"This will deny the creation of cluster wide resources, which may interfere with other tenants and limit the deployment to the 'project1simpleapp' namespace."),(0,r.kt)("h2",{id:"an-example-gitrepo-resource"},"An Example GitRepo Resource"),(0,r.kt)("p",null,"A GitRepo resource create by a tenant, without admin access could look like this:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: simpleapp\n namespace: project1\n labels:\n team: one\n\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - bundle-diffs\n\n targetNamespace: project1simpleapp\n\n # do not match the upstream/local cluster, won't work\n targets:\n - name: dev\n clusterSelector:\n matchLabels:\n env: dev\n")),(0,r.kt)("p",null,"This includes the ",(0,r.kt)("inlineCode",{parentName:"p"},"team: one")," label and and the required ",(0,r.kt)("inlineCode",{parentName:"p"},"targetNamespace"),"."),(0,r.kt)("p",null,"Together with the previous ",(0,r.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," it would target all clusters with a ",(0,r.kt)("inlineCode",{parentName:"p"},"env: dev")," label in the 'fleet-default' namespace."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," do not work with local clusters, so make sure not to target them.")))}u.isMDXComponent=!0},9497:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/images/FleetSharedClusters-b68f6c53b43cbb795e4d81cda9ebc2bc.svg"}}]); \ No newline at end of file diff --git a/assets/js/755aca7b.acdd19d2.js b/assets/js/755aca7b.6251ef14.js similarity index 98% rename from assets/js/755aca7b.acdd19d2.js rename to assets/js/755aca7b.6251ef14.js index 853265fe1..2b68a303a 100644 --- a/assets/js/755aca7b.acdd19d2.js +++ b/assets/js/755aca7b.6251ef14.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9816],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},f=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,i=e.originalType,s=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),f=c(n),d=a,m=f["".concat(s,".").concat(d)]||f[d]||p[d]||i;return n?r.createElement(m,l(l({ref:t},u),{},{components:n})):r.createElement(m,l({ref:t},u))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=n.length,l=new Array(i);l[0]=f;var o={};for(var s in t)hasOwnProperty.call(t,s)&&(o[s]=t[s]);o.originalType=e,o.mdxType="string"==typeof e?e:a,l[1]=o;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>l,default:()=>p,frontMatter:()=>i,metadata:()=>o,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const i={},l="Installation",o={unversionedId:"installation",id:"version-0.5/installation",title:"Installation",description:"The installation is broken up into two different use cases: Single and",source:"@site/versioned_docs/version-0.5/installation.md",sourceDirName:".",slug:"/installation",permalink:"/0.5/installation",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/installation.md",tags:[],version:"0.5",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Advanced Users",permalink:"/0.5/advanced-users"},next:{title:"Single Cluster Install",permalink:"/0.5/single-cluster-install"}},s={},c=[],u={toc:c};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"installation"},"Installation"),(0,a.kt)("p",null,"The installation is broken up into two different use cases: ",(0,a.kt)("a",{parentName:"p",href:"/0.5/single-cluster-install"},"Single")," and\n",(0,a.kt)("a",{parentName:"p",href:"/0.5/multi-cluster-install"},"Multi-Cluster")," install. The single cluster install is for if you wish to use GitOps to manage a single cluster,\nin which case you do not need a centralized manager cluster. In the multi-cluster use case\nyou will setup a centralized manager cluster to which you can register clusters."),(0,a.kt)("p",null,"If you are just learning Fleet the single cluster install is the recommended starting\npoint. After which you can move from single cluster to multi-cluster setup down the line."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9816],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},f=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,i=e.originalType,s=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),f=c(n),d=a,m=f["".concat(s,".").concat(d)]||f[d]||p[d]||i;return n?r.createElement(m,l(l({ref:t},u),{},{components:n})):r.createElement(m,l({ref:t},u))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=n.length,l=new Array(i);l[0]=f;var o={};for(var s in t)hasOwnProperty.call(t,s)&&(o[s]=t[s]);o.originalType=e,o.mdxType="string"==typeof e?e:a,l[1]=o;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>l,default:()=>p,frontMatter:()=>i,metadata:()=>o,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const i={},l="Installation",o={unversionedId:"installation",id:"version-0.5/installation",title:"Installation",description:"The installation is broken up into two different use cases: Single and",source:"@site/versioned_docs/version-0.5/installation.md",sourceDirName:".",slug:"/installation",permalink:"/0.5/installation",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/installation.md",tags:[],version:"0.5",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Advanced Users",permalink:"/0.5/advanced-users"},next:{title:"Single Cluster Install",permalink:"/0.5/single-cluster-install"}},s={},c=[],u={toc:c};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"installation"},"Installation"),(0,a.kt)("p",null,"The installation is broken up into two different use cases: ",(0,a.kt)("a",{parentName:"p",href:"/0.5/single-cluster-install"},"Single")," and\n",(0,a.kt)("a",{parentName:"p",href:"/0.5/multi-cluster-install"},"Multi-Cluster")," install. The single cluster install is for if you wish to use GitOps to manage a single cluster,\nin which case you do not need a centralized manager cluster. In the multi-cluster use case\nyou will setup a centralized manager cluster to which you can register clusters."),(0,a.kt)("p",null,"If you are just learning Fleet the single cluster install is the recommended starting\npoint. After which you can move from single cluster to multi-cluster setup down the line."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/762abe3e.25f5ed7b.js b/assets/js/762abe3e.00af4f07.js similarity index 97% rename from assets/js/762abe3e.25f5ed7b.js rename to assets/js/762abe3e.00af4f07.js index 95306e88a..c01ca2ac1 100644 --- a/assets/js/762abe3e.25f5ed7b.js +++ b/assets/js/762abe3e.00af4f07.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6961],{3905:(e,r,t)=>{t.d(r,{Zo:()=>u,kt:()=>d});var n=t(7294);function o(e,r,t){return r in e?Object.defineProperty(e,r,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[r]=t,e}function s(e,r){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);r&&(n=n.filter((function(r){return Object.getOwnPropertyDescriptor(e,r).enumerable}))),t.push.apply(t,n)}return t}function c(e){for(var r=1;r=0||(o[t]=e[t]);return o}(e,r);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var i=n.createContext({}),l=function(e){var r=n.useContext(i),t=r;return e&&(t="function"==typeof e?e(r):c(c({},r),e)),t},u=function(e){var r=l(e.components);return n.createElement(i.Provider,{value:r},e.children)},p={inlineCode:"code",wrapper:function(e){var r=e.children;return n.createElement(n.Fragment,{},r)}},f=n.forwardRef((function(e,r){var t=e.components,o=e.mdxType,s=e.originalType,i=e.parentName,u=a(e,["components","mdxType","originalType","parentName"]),f=l(t),d=o,m=f["".concat(i,".").concat(d)]||f[d]||p[d]||s;return t?n.createElement(m,c(c({ref:r},u),{},{components:t})):n.createElement(m,c({ref:r},u))}));function d(e,r){var t=arguments,o=r&&r.mdxType;if("string"==typeof e||o){var s=t.length,c=new Array(s);c[0]=f;var a={};for(var i in r)hasOwnProperty.call(r,i)&&(a[i]=r[i]);a.originalType=e,a.mdxType="string"==typeof e?e:o,c[1]=a;for(var l=2;l{t.r(r),t.d(r,{assets:()=>i,contentTitle:()=>c,default:()=>p,frontMatter:()=>s,metadata:()=>a,toc:()=>l});var n=t(7462),o=(t(7294),t(3905));const s={},c="Resources",a={unversionedId:"ref-resources",id:"ref-resources",title:"Resources",description:"This shows the resources, also the internal ones, involved in creating a deployment from a git repository.",source:"@site/docs/ref-resources.md",sourceDirName:".",slug:"/ref-resources",permalink:"/ref-resources",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-resources.md",tags:[],version:"current",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Namespaces",permalink:"/ref-namespaces"},next:{title:"Configuration",permalink:"/ref-configuration"}},i={},l=[],u={toc:l};function p(e){let{components:r,...s}=e;return(0,o.kt)("wrapper",(0,n.Z)({},u,s,{components:r,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"resources"},"Resources"),(0,o.kt)("p",null,"This shows the resources, also the internal ones, involved in creating a deployment from a git repository."),(0,o.kt)("p",null,(0,o.kt)("img",{alt:"Resources",src:t(925).Z,width:"826",height:"1301"})))}p.isMDXComponent=!0},925:(e,r,t)=>{t.d(r,{Z:()=>n});const n=t.p+"assets/images/FleetResources-7c2b1498c93f41c2c125ee4b4b537657.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6961],{3905:(e,r,t)=>{t.d(r,{Zo:()=>u,kt:()=>d});var n=t(7294);function o(e,r,t){return r in e?Object.defineProperty(e,r,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[r]=t,e}function s(e,r){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);r&&(n=n.filter((function(r){return Object.getOwnPropertyDescriptor(e,r).enumerable}))),t.push.apply(t,n)}return t}function c(e){for(var r=1;r=0||(o[t]=e[t]);return o}(e,r);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var i=n.createContext({}),l=function(e){var r=n.useContext(i),t=r;return e&&(t="function"==typeof e?e(r):c(c({},r),e)),t},u=function(e){var r=l(e.components);return n.createElement(i.Provider,{value:r},e.children)},p={inlineCode:"code",wrapper:function(e){var r=e.children;return n.createElement(n.Fragment,{},r)}},f=n.forwardRef((function(e,r){var t=e.components,o=e.mdxType,s=e.originalType,i=e.parentName,u=a(e,["components","mdxType","originalType","parentName"]),f=l(t),d=o,m=f["".concat(i,".").concat(d)]||f[d]||p[d]||s;return t?n.createElement(m,c(c({ref:r},u),{},{components:t})):n.createElement(m,c({ref:r},u))}));function d(e,r){var t=arguments,o=r&&r.mdxType;if("string"==typeof e||o){var s=t.length,c=new Array(s);c[0]=f;var a={};for(var i in r)hasOwnProperty.call(r,i)&&(a[i]=r[i]);a.originalType=e,a.mdxType="string"==typeof e?e:o,c[1]=a;for(var l=2;l{t.r(r),t.d(r,{assets:()=>i,contentTitle:()=>c,default:()=>p,frontMatter:()=>s,metadata:()=>a,toc:()=>l});var n=t(7462),o=(t(7294),t(3905));const s={},c="Resources",a={unversionedId:"ref-resources",id:"ref-resources",title:"Resources",description:"This shows the resources, also the internal ones, involved in creating a deployment from a git repository.",source:"@site/docs/ref-resources.md",sourceDirName:".",slug:"/ref-resources",permalink:"/ref-resources",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-resources.md",tags:[],version:"current",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Namespaces",permalink:"/ref-namespaces"},next:{title:"Configuration",permalink:"/ref-configuration"}},i={},l=[],u={toc:l};function p(e){let{components:r,...s}=e;return(0,o.kt)("wrapper",(0,n.Z)({},u,s,{components:r,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"resources"},"Resources"),(0,o.kt)("p",null,"This shows the resources, also the internal ones, involved in creating a deployment from a git repository."),(0,o.kt)("p",null,(0,o.kt)("img",{alt:"Resources",src:t(925).Z,width:"826",height:"1301"})))}p.isMDXComponent=!0},925:(e,r,t)=>{t.d(r,{Z:()=>n});const n=t.p+"assets/images/FleetResources-7c2b1498c93f41c2c125ee4b4b537657.svg"}}]); \ No newline at end of file diff --git a/assets/js/7c5d32d8.16ee7418.js b/assets/js/7c5d32d8.1d018540.js similarity index 99% rename from assets/js/7c5d32d8.16ee7418.js rename to assets/js/7c5d32d8.1d018540.js index cc7265ec6..649751fa5 100644 --- a/assets/js/7c5d32d8.16ee7418.js +++ b/assets/js/7c5d32d8.1d018540.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6250],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,h=m["".concat(i,".").concat(d)]||m[d]||u[d]||l;return n?r.createElement(h,o(o({ref:t},p),{},{components:n})):r.createElement(h,o({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,o=new Array(l);o[0]=m;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,o[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const l={},o="Core Concepts",s={unversionedId:"concepts",id:"version-0.4/concepts",title:"Core Concepts",description:"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers",source:"@site/versioned_docs/version-0.4/concepts.md",sourceDirName:".",slug:"/concepts",permalink:"/0.4/concepts",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/concepts.md",tags:[],version:"0.4",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Quick Start",permalink:"/0.4/quickstart"},next:{title:"Architecture",permalink:"/0.4/architecture"}},i={},c=[],p={toc:c};function u(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"core-concepts"},"Core Concepts"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers\nto manage GitOps for a single Kubernetes cluster or a large-scale deployment of Kubernetes clusters."),(0,a.kt)("admonition",{type:"info"},(0,a.kt)("p",{parentName:"admonition"},"For more on the naming conventions of CRDs, click ",(0,a.kt)("a",{parentName:"p",href:"/0.4/troubleshooting#naming-conventions-for-crds"},"here"),".")),(0,a.kt)("p",null,"Below are some of the concepts of Fleet that will be useful throughout this documentation:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet Manager"),": The centralized component that orchestrates the deployments of Kubernetes assets\nfrom git. In a multi-cluster setup, this will typically be a dedicated Kubernetes cluster. In a\nsingle cluster setup, the Fleet manager will be running on the same cluster you are managing with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet controller"),": The controller(s) running on the Fleet manager orchestrating GitOps. In practice,\nthe Fleet manager and Fleet controllers are used fairly interchangeably."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Single Cluster Style"),": This is a style of installing Fleet in which the manager and downstream cluster are the\nsame cluster. This is a very simple pattern to quickly get up and running with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Multi Cluster Style"),": This is a style of running Fleet in which you have a central manager that manages a large\nnumber of downstream clusters."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet agent"),": Every managed downstream cluster will run an agent that communicates back to the Fleet manager.\nThis agent is just another set of Kubernetes controllers running in the downstream cluster."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"GitRepo"),": Git repositories that are watched by Fleet are represented by the type ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),".")),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Example installation order via ",(0,a.kt)("inlineCode",{parentName:"strong"},"GitRepo")," custom resources when using Fleet for the configuration management of downstream clusters:")),(0,a.kt)("ol",{parentName:"blockquote"},(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/projectcalico/calico"},"Calico")," CRDs and controllers."),(0,a.kt)("li",{parentName:"ol"},"Set one or multiple cluster-level global network policies."),(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/open-policy-agent/gatekeeper"},"GateKeeper"),". Note that ",(0,a.kt)("strong",{parentName:"li"},"cluster labels")," and ",(0,a.kt)("strong",{parentName:"li"},"overlays")," are critical features in Fleet as they determine which clusters will get each part of the bundle."),(0,a.kt)("li",{parentName:"ol"},"Set up and configure ingress and system daemons."))),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Bundle"),": An internal unit used for the orchestration of resources from git.\nWhen a ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," is scanned it will produce one or more bundles. Bundles are a collection of\nresources that get deployed to a cluster. ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is the fundamental deployment unit used in Fleet. The\ncontents of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," may be Kubernetes manifests, Kustomize configuration, or Helm charts.\nRegardless of the source the contents are dynamically rendered into a Helm chart by the agent\nand installed into the downstream cluster as a helm release."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"To see the ",(0,a.kt)("strong",{parentName:"li"},"lifecycle of a bundle"),", click ",(0,a.kt)("a",{parentName:"li",href:"/0.4/examples#lifecycle-of-a-fleet-bundle"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"BundleDeployment"),": When a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is deployed to a cluster an instance of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is called a ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment"),".\nA ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," represents the state of that ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," on a specific cluster with its cluster specific\ncustomizations. The Fleet agent is only aware of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," resources that are created for\nthe cluster the agent is managing."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click ",(0,a.kt)("a",{parentName:"li",href:"/0.4/examples#deploy-kubernetes-manifests-across-clusters-with-customization"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Downstream Cluster"),": Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster Registration Token"),": Tokens used by agents to register a new cluster."))))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6250],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,h=m["".concat(i,".").concat(d)]||m[d]||u[d]||l;return n?r.createElement(h,o(o({ref:t},p),{},{components:n})):r.createElement(h,o({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,o=new Array(l);o[0]=m;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,o[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const l={},o="Core Concepts",s={unversionedId:"concepts",id:"version-0.4/concepts",title:"Core Concepts",description:"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers",source:"@site/versioned_docs/version-0.4/concepts.md",sourceDirName:".",slug:"/concepts",permalink:"/0.4/concepts",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/concepts.md",tags:[],version:"0.4",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Quick Start",permalink:"/0.4/quickstart"},next:{title:"Architecture",permalink:"/0.4/architecture"}},i={},c=[],p={toc:c};function u(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"core-concepts"},"Core Concepts"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers\nto manage GitOps for a single Kubernetes cluster or a large-scale deployment of Kubernetes clusters."),(0,a.kt)("admonition",{type:"info"},(0,a.kt)("p",{parentName:"admonition"},"For more on the naming conventions of CRDs, click ",(0,a.kt)("a",{parentName:"p",href:"/0.4/troubleshooting#naming-conventions-for-crds"},"here"),".")),(0,a.kt)("p",null,"Below are some of the concepts of Fleet that will be useful throughout this documentation:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet Manager"),": The centralized component that orchestrates the deployments of Kubernetes assets\nfrom git. In a multi-cluster setup, this will typically be a dedicated Kubernetes cluster. In a\nsingle cluster setup, the Fleet manager will be running on the same cluster you are managing with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet controller"),": The controller(s) running on the Fleet manager orchestrating GitOps. In practice,\nthe Fleet manager and Fleet controllers are used fairly interchangeably."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Single Cluster Style"),": This is a style of installing Fleet in which the manager and downstream cluster are the\nsame cluster. This is a very simple pattern to quickly get up and running with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Multi Cluster Style"),": This is a style of running Fleet in which you have a central manager that manages a large\nnumber of downstream clusters."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet agent"),": Every managed downstream cluster will run an agent that communicates back to the Fleet manager.\nThis agent is just another set of Kubernetes controllers running in the downstream cluster."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"GitRepo"),": Git repositories that are watched by Fleet are represented by the type ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),".")),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Example installation order via ",(0,a.kt)("inlineCode",{parentName:"strong"},"GitRepo")," custom resources when using Fleet for the configuration management of downstream clusters:")),(0,a.kt)("ol",{parentName:"blockquote"},(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/projectcalico/calico"},"Calico")," CRDs and controllers."),(0,a.kt)("li",{parentName:"ol"},"Set one or multiple cluster-level global network policies."),(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/open-policy-agent/gatekeeper"},"GateKeeper"),". Note that ",(0,a.kt)("strong",{parentName:"li"},"cluster labels")," and ",(0,a.kt)("strong",{parentName:"li"},"overlays")," are critical features in Fleet as they determine which clusters will get each part of the bundle."),(0,a.kt)("li",{parentName:"ol"},"Set up and configure ingress and system daemons."))),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Bundle"),": An internal unit used for the orchestration of resources from git.\nWhen a ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," is scanned it will produce one or more bundles. Bundles are a collection of\nresources that get deployed to a cluster. ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is the fundamental deployment unit used in Fleet. The\ncontents of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," may be Kubernetes manifests, Kustomize configuration, or Helm charts.\nRegardless of the source the contents are dynamically rendered into a Helm chart by the agent\nand installed into the downstream cluster as a helm release."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"To see the ",(0,a.kt)("strong",{parentName:"li"},"lifecycle of a bundle"),", click ",(0,a.kt)("a",{parentName:"li",href:"/0.4/examples#lifecycle-of-a-fleet-bundle"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"BundleDeployment"),": When a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is deployed to a cluster an instance of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is called a ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment"),".\nA ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," represents the state of that ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," on a specific cluster with its cluster specific\ncustomizations. The Fleet agent is only aware of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," resources that are created for\nthe cluster the agent is managing."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click ",(0,a.kt)("a",{parentName:"li",href:"/0.4/examples#deploy-kubernetes-manifests-across-clusters-with-customization"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Downstream Cluster"),": Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster Registration Token"),": Tokens used by agents to register a new cluster."))))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/7f3d36ad.3c826396.js b/assets/js/7f3d36ad.9c7882bd.js similarity index 98% rename from assets/js/7f3d36ad.3c826396.js rename to assets/js/7f3d36ad.9c7882bd.js index 6b2dc8554..445f2eb73 100644 --- a/assets/js/7f3d36ad.3c826396.js +++ b/assets/js/7f3d36ad.9c7882bd.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6255],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},h=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),h=c(n),d=a,m=h["".concat(l,".").concat(d)]||h[d]||p[d]||o;return n?r.createElement(m,s(s({ref:t},u),{},{components:n})):r.createElement(m,s({ref:t},u))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,s=new Array(o);s[0]=h;var i={};for(var l in t)hasOwnProperty.call(t,l)&&(i[l]=t[l]);i.originalType=e,i.mdxType="string"==typeof e?e:a,s[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>s,default:()=>p,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},s="Architecture",i={unversionedId:"architecture",id:"version-0.5/architecture",title:"Architecture",description:"Fleet has two primary components. The Fleet manager and the cluster agents. These",source:"@site/versioned_docs/version-0.5/architecture.md",sourceDirName:".",slug:"/architecture",permalink:"/0.5/architecture",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/architecture.md",tags:[],version:"0.5",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Core Concepts",permalink:"/0.5/concepts"},next:{title:"Examples",permalink:"/0.5/examples"}},l={},c=[{value:"Fleet Manager",id:"fleet-manager",level:2},{value:"Cluster Agents",id:"cluster-agents",level:2},{value:"Security",id:"security",level:2}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"architecture"},"Architecture"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,a.kt)("p",null,"Fleet has two primary components. The Fleet manager and the cluster agents. These\ncomponents work in a two-stage pull model. The Fleet manager will pull from git and the\ncluster agents will pull from the Fleet manager."),(0,a.kt)("h2",{id:"fleet-manager"},"Fleet Manager"),(0,a.kt)("p",null,"The Fleet manager is a set of Kubernetes controllers running in any standard Kubernetes\ncluster. The only API exposed by the Fleet manager is the Kubernetes API, there is no\ncustom API for the fleet controller."),(0,a.kt)("h2",{id:"cluster-agents"},"Cluster Agents"),(0,a.kt)("p",null,"One cluster agent runs in each cluster and is responsible for talking to the Fleet manager.\nThe only communication from cluster to Fleet manager is by this agent and all communication\ngoes from the managed cluster to the Fleet manager. The fleet manager does not initiate\nconnections to downstream clusters. This means managed clusters can run in private networks and behind\nNATs. The only requirement is the cluster agent needs to be able to communicate with the\nKubernetes API of the cluster running the Fleet manager. The one exception to this is if you use\nthe ",(0,a.kt)("a",{parentName:"p",href:"/0.5/manager-initiated"},"manager initiated")," cluster registration flow. This is not required, but\nan optional pattern."),(0,a.kt)("p",null,'The cluster agents are not assumed to have an "always on" connection. They will resume operation as\nsoon as they can connect. Future enhancements will probably add the ability to schedule times of when\nthe agent checks in, as it stands right now they will always attempt to connect.'),(0,a.kt)("h2",{id:"security"},"Security"),(0,a.kt)("p",null,'The Fleet manager dynamically creates service accounts, manages their RBAC and then gives the\ntokens to the downstream clusters. Clusters are registered by optionally expiring cluster registration tokens.\nThe cluster registration token is used only during the registration process to generate a credential specific\nto that cluster. After the cluster credential is established the cluster "forgets" the cluster registration\ntoken.'),(0,a.kt)("p",null,"The service accounts given to the clusters only have privileges to list ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," in the namespace created\nspecifically for that cluster. It can also update the ",(0,a.kt)("inlineCode",{parentName:"p"},"status")," subresource of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," and the ",(0,a.kt)("inlineCode",{parentName:"p"},"status"),"\nsubresource of it's ",(0,a.kt)("inlineCode",{parentName:"p"},"Cluster")," resource."))}p.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6255],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},h=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),h=c(n),d=a,m=h["".concat(l,".").concat(d)]||h[d]||p[d]||o;return n?r.createElement(m,s(s({ref:t},u),{},{components:n})):r.createElement(m,s({ref:t},u))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,s=new Array(o);s[0]=h;var i={};for(var l in t)hasOwnProperty.call(t,l)&&(i[l]=t[l]);i.originalType=e,i.mdxType="string"==typeof e?e:a,s[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>s,default:()=>p,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},s="Architecture",i={unversionedId:"architecture",id:"version-0.5/architecture",title:"Architecture",description:"Fleet has two primary components. The Fleet manager and the cluster agents. These",source:"@site/versioned_docs/version-0.5/architecture.md",sourceDirName:".",slug:"/architecture",permalink:"/0.5/architecture",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/architecture.md",tags:[],version:"0.5",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Core Concepts",permalink:"/0.5/concepts"},next:{title:"Examples",permalink:"/0.5/examples"}},l={},c=[{value:"Fleet Manager",id:"fleet-manager",level:2},{value:"Cluster Agents",id:"cluster-agents",level:2},{value:"Security",id:"security",level:2}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"architecture"},"Architecture"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,a.kt)("p",null,"Fleet has two primary components. The Fleet manager and the cluster agents. These\ncomponents work in a two-stage pull model. The Fleet manager will pull from git and the\ncluster agents will pull from the Fleet manager."),(0,a.kt)("h2",{id:"fleet-manager"},"Fleet Manager"),(0,a.kt)("p",null,"The Fleet manager is a set of Kubernetes controllers running in any standard Kubernetes\ncluster. The only API exposed by the Fleet manager is the Kubernetes API, there is no\ncustom API for the fleet controller."),(0,a.kt)("h2",{id:"cluster-agents"},"Cluster Agents"),(0,a.kt)("p",null,"One cluster agent runs in each cluster and is responsible for talking to the Fleet manager.\nThe only communication from cluster to Fleet manager is by this agent and all communication\ngoes from the managed cluster to the Fleet manager. The fleet manager does not initiate\nconnections to downstream clusters. This means managed clusters can run in private networks and behind\nNATs. The only requirement is the cluster agent needs to be able to communicate with the\nKubernetes API of the cluster running the Fleet manager. The one exception to this is if you use\nthe ",(0,a.kt)("a",{parentName:"p",href:"/0.5/manager-initiated"},"manager initiated")," cluster registration flow. This is not required, but\nan optional pattern."),(0,a.kt)("p",null,'The cluster agents are not assumed to have an "always on" connection. They will resume operation as\nsoon as they can connect. Future enhancements will probably add the ability to schedule times of when\nthe agent checks in, as it stands right now they will always attempt to connect.'),(0,a.kt)("h2",{id:"security"},"Security"),(0,a.kt)("p",null,'The Fleet manager dynamically creates service accounts, manages their RBAC and then gives the\ntokens to the downstream clusters. Clusters are registered by optionally expiring cluster registration tokens.\nThe cluster registration token is used only during the registration process to generate a credential specific\nto that cluster. After the cluster credential is established the cluster "forgets" the cluster registration\ntoken.'),(0,a.kt)("p",null,"The service accounts given to the clusters only have privileges to list ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," in the namespace created\nspecifically for that cluster. It can also update the ",(0,a.kt)("inlineCode",{parentName:"p"},"status")," subresource of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," and the ",(0,a.kt)("inlineCode",{parentName:"p"},"status"),"\nsubresource of it's ",(0,a.kt)("inlineCode",{parentName:"p"},"Cluster")," resource."))}p.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file diff --git a/assets/js/8070e160.1118f958.js b/assets/js/8070e160.1118f958.js new file mode 100644 index 000000000..1a5feb881 --- /dev/null +++ b/assets/js/8070e160.1118f958.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2651],{6828:(e,t,a)=>{a.d(t,{d:()=>l});const l={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.2/fleet-0.5.2.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.2/fleet-agent-0.5.2.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.2/fleet-crd-0.5.2.tgz"},next:{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0-rc.4/fleet-0.6.0-rc.4.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0-rc.4/fleet-agent-0.6.0-rc.4.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0-rc.4/fleet-crd-0.6.0-rc.4.tgz"}}},2257:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>d,contentTitle:()=>i,default:()=>h,frontMatter:()=>o,metadata:()=>c,toc:()=>p});var l=a(7462),n=(a(7294),a(3905)),s=a(6828),r=a(814);const o={},i="Quick Start",c={unversionedId:"quickstart",id:"quickstart",title:"Quick Start",description:"Who needs documentation, lets just run this thing!",source:"@site/docs/quickstart.md",sourceDirName:".",slug:"/quickstart",permalink:"/quickstart",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/quickstart.md",tags:[],version:"current",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Overview",permalink:"/"},next:{title:"Core Concepts",permalink:"/concepts"}},d={},p=[{value:"Install",id:"install",level:2},{value:"Add a Git Repo to watch",id:"add-a-git-repo-to-watch",level:2},{value:"Get Status",id:"get-status",level:2}],u={toc:p};function h(e){let{components:t,...a}=e;return(0,n.kt)("wrapper",(0,l.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"quick-start"},"Quick Start"),(0,n.kt)("p",null,"Who needs documentation, lets just run this thing!"),(0,n.kt)("h2",{id:"install"},"Install"),(0,n.kt)("p",null,"Get helm if you don't have it. Helm 3 is just a CLI and won't do bad insecure\nthings to your cluster."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,n.kt)("p",null,"Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)"),(0,n.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",s.d.next.fleetCRD,"\nhelm -n cattle-fleet-system install --create-namespace --wait \\\n fleet"," ",s.d.next.fleet),(0,n.kt)("h2",{id:"add-a-git-repo-to-watch"},"Add a Git Repo to watch"),(0,n.kt)("p",null,"Change ",(0,n.kt)("inlineCode",{parentName:"p"},"spec.repo")," to your git repo of choice. Kubernetes manifest files that should\nbe deployed should be in ",(0,n.kt)("inlineCode",{parentName:"p"},"/manifests")," in your repo."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},'cat > example.yaml << "EOF"\napiVersion: fleet.cattle.io/v1alpha1\nkind: GitRepo\nmetadata:\n name: sample\n # This namespace is special and auto-wired to deploy to the local cluster\n namespace: fleet-local\nspec:\n # Everything from this repo will be ran in this cluster. You trust me right?\n repo: "https://github.com/rancher/fleet-examples"\n paths:\n - simple\nEOF\n\nkubectl apply -f example.yaml\n')),(0,n.kt)("h2",{id:"get-status"},"Get Status"),(0,n.kt)("p",null,"Get status of what fleet is doing"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n fleet-local get fleet\n")),(0,n.kt)("p",null,"You should see something like this get created in your cluster."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"kubectl get deploy frontend\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY UP-TO-DATE AVAILABLE AGE\nfrontend 3/3 3 3 116m\n")),(0,n.kt)("p",null,"Enjoy and read the ",(0,n.kt)("a",{parentName:"p",href:"https://rancher.github.io/fleet"},"docs"),"."))}h.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/8070e160.120f64b9.js b/assets/js/8070e160.120f64b9.js deleted file mode 100644 index c65fea7f3..000000000 --- a/assets/js/8070e160.120f64b9.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2651],{6828:(e,t,a)=>{a.d(t,{d:()=>l});const l={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.0/fleet-0.5.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.0/fleet-agent-0.5.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.0/fleet-crd-0.5.0.tgz"},next:{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0-alpha2/fleet-0.6.0-alpha2.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0-alpha2/fleet-agent-0.6.0-alpha2.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0-alpha2/fleet-crd-0.6.0-alpha2.tgz"}}},2257:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>d,contentTitle:()=>i,default:()=>h,frontMatter:()=>o,metadata:()=>c,toc:()=>p});var l=a(7462),n=(a(7294),a(3905)),s=a(6828),r=a(814);const o={},i="Quick Start",c={unversionedId:"quickstart",id:"quickstart",title:"Quick Start",description:"Who needs documentation, lets just run this thing!",source:"@site/docs/quickstart.md",sourceDirName:".",slug:"/quickstart",permalink:"/quickstart",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/quickstart.md",tags:[],version:"current",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Overview",permalink:"/"},next:{title:"Core Concepts",permalink:"/concepts"}},d={},p=[{value:"Install",id:"install",level:2},{value:"Add a Git Repo to watch",id:"add-a-git-repo-to-watch",level:2},{value:"Get Status",id:"get-status",level:2}],u={toc:p};function h(e){let{components:t,...a}=e;return(0,n.kt)("wrapper",(0,l.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"quick-start"},"Quick Start"),(0,n.kt)("p",null,"Who needs documentation, lets just run this thing!"),(0,n.kt)("h2",{id:"install"},"Install"),(0,n.kt)("p",null,"Get helm if you don't have it. Helm 3 is just a CLI and won't do bad insecure\nthings to your cluster."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,n.kt)("p",null,"Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)"),(0,n.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",s.d.next.fleetCRD,"\nhelm -n cattle-fleet-system install --create-namespace --wait \\\n fleet"," ",s.d.next.fleet),(0,n.kt)("h2",{id:"add-a-git-repo-to-watch"},"Add a Git Repo to watch"),(0,n.kt)("p",null,"Change ",(0,n.kt)("inlineCode",{parentName:"p"},"spec.repo")," to your git repo of choice. Kubernetes manifest files that should\nbe deployed should be in ",(0,n.kt)("inlineCode",{parentName:"p"},"/manifests")," in your repo."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},'cat > example.yaml << "EOF"\napiVersion: fleet.cattle.io/v1alpha1\nkind: GitRepo\nmetadata:\n name: sample\n # This namespace is special and auto-wired to deploy to the local cluster\n namespace: fleet-local\nspec:\n # Everything from this repo will be ran in this cluster. You trust me right?\n repo: "https://github.com/rancher/fleet-examples"\n paths:\n - simple\nEOF\n\nkubectl apply -f example.yaml\n')),(0,n.kt)("h2",{id:"get-status"},"Get Status"),(0,n.kt)("p",null,"Get status of what fleet is doing"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n fleet-local get fleet\n")),(0,n.kt)("p",null,"You should see something like this get created in your cluster."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"kubectl get deploy frontend\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY UP-TO-DATE AVAILABLE AGE\nfrontend 3/3 3 3 116m\n")),(0,n.kt)("p",null,"Enjoy and read the ",(0,n.kt)("a",{parentName:"p",href:"https://rancher.github.io/fleet"},"docs"),"."))}h.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/834808ff.cf4b34de.js b/assets/js/834808ff.d4f8f7fc.js similarity index 98% rename from assets/js/834808ff.cf4b34de.js rename to assets/js/834808ff.d4f8f7fc.js index 40a1e0100..9768d61f9 100644 --- a/assets/js/834808ff.cf4b34de.js +++ b/assets/js/834808ff.d4f8f7fc.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3814],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>d});var n=r(7294);function o(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function a(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function i(e){for(var t=1;t=0||(o[r]=e[r]);return o}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(o[r]=e[r])}return o}var c=n.createContext({}),l=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):i(i({},t),e)),r},u=function(e){var t=l(e.components);return n.createElement(c.Provider,{value:t},e.children)},f={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},p=n.forwardRef((function(e,t){var r=e.components,o=e.mdxType,a=e.originalType,c=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),p=l(r),d=o,g=p["".concat(c,".").concat(d)]||p[d]||f[d]||a;return r?n.createElement(g,i(i({ref:t},u),{},{components:r})):n.createElement(g,i({ref:t},u))}));function d(e,t){var r=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var a=r.length,i=new Array(a);i[0]=p;var s={};for(var c in t)hasOwnProperty.call(t,c)&&(s[c]=t[c]);s.originalType=e,s.mdxType="string"==typeof e?e:o,i[1]=s;for(var l=2;l{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>i,default:()=>f,frontMatter:()=>a,metadata:()=>s,toc:()=>l});var n=r(7462),o=(r(7294),r(3905));const a={},i="Registration",s={unversionedId:"ref-registration",id:"ref-registration",title:"Registration",description:"Detailed analysis of the registration process for clusters. This shows the interaction of controllers, resources and service accounts during the registration of a new downstream cluster or the local cluster.",source:"@site/docs/ref-registration.md",sourceDirName:".",slug:"/ref-registration",permalink:"/ref-registration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-registration.md",tags:[],version:"current",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Configuration",permalink:"/ref-configuration"},next:{title:"Custom Resources",permalink:"/ref-crds"}},c={},l=[],u={toc:l};function f(e){let{components:t,...a}=e;return(0,o.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"registration"},"Registration"),(0,o.kt)("p",null,"Detailed analysis of the registration process for clusters. This shows the interaction of controllers, resources and service accounts during the registration of a new downstream cluster or the local cluster.\nIt's important to note that there are multiple ways to start this:"),(0,o.kt)("ul",null,(0,o.kt)("li",{parentName:"ul"},"Creating a bootstrap config. Fleet does this for the local agent."),(0,o.kt)("li",{parentName:"ul"},"Creating a Cluster resource with a kubeconfing. Rancher does this for downstream clusters."),(0,o.kt)("li",{parentName:"ul"},"Create a Cluster resource with an id."),(0,o.kt)("li",{parentName:"ul"},"Create a ClusterRegistration resource.")),(0,o.kt)("p",null,(0,o.kt)("img",{alt:"Registration",src:r(2364).Z,width:"2100",height:"2216"})))}f.isMDXComponent=!0},2364:(e,t,r)=>{r.d(t,{Z:()=>n});const n=r.p+"assets/images/FleetRegistration-02261f36c889f94ee81be67d3aa2f342.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3814],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>d});var n=r(7294);function o(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function a(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function i(e){for(var t=1;t=0||(o[r]=e[r]);return o}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(o[r]=e[r])}return o}var c=n.createContext({}),l=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):i(i({},t),e)),r},u=function(e){var t=l(e.components);return n.createElement(c.Provider,{value:t},e.children)},f={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},p=n.forwardRef((function(e,t){var r=e.components,o=e.mdxType,a=e.originalType,c=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),p=l(r),d=o,g=p["".concat(c,".").concat(d)]||p[d]||f[d]||a;return r?n.createElement(g,i(i({ref:t},u),{},{components:r})):n.createElement(g,i({ref:t},u))}));function d(e,t){var r=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var a=r.length,i=new Array(a);i[0]=p;var s={};for(var c in t)hasOwnProperty.call(t,c)&&(s[c]=t[c]);s.originalType=e,s.mdxType="string"==typeof e?e:o,i[1]=s;for(var l=2;l{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>i,default:()=>f,frontMatter:()=>a,metadata:()=>s,toc:()=>l});var n=r(7462),o=(r(7294),r(3905));const a={},i="Registration",s={unversionedId:"ref-registration",id:"ref-registration",title:"Registration",description:"Detailed analysis of the registration process for clusters. This shows the interaction of controllers, resources and service accounts during the registration of a new downstream cluster or the local cluster.",source:"@site/docs/ref-registration.md",sourceDirName:".",slug:"/ref-registration",permalink:"/ref-registration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-registration.md",tags:[],version:"current",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Configuration",permalink:"/ref-configuration"},next:{title:"Custom Resources",permalink:"/ref-crds"}},c={},l=[],u={toc:l};function f(e){let{components:t,...a}=e;return(0,o.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"registration"},"Registration"),(0,o.kt)("p",null,"Detailed analysis of the registration process for clusters. This shows the interaction of controllers, resources and service accounts during the registration of a new downstream cluster or the local cluster.\nIt's important to note that there are multiple ways to start this:"),(0,o.kt)("ul",null,(0,o.kt)("li",{parentName:"ul"},"Creating a bootstrap config. Fleet does this for the local agent."),(0,o.kt)("li",{parentName:"ul"},"Creating a Cluster resource with a kubeconfing. Rancher does this for downstream clusters."),(0,o.kt)("li",{parentName:"ul"},"Create a Cluster resource with an id."),(0,o.kt)("li",{parentName:"ul"},"Create a ClusterRegistration resource.")),(0,o.kt)("p",null,(0,o.kt)("img",{alt:"Registration",src:r(2364).Z,width:"2100",height:"2216"})))}f.isMDXComponent=!0},2364:(e,t,r)=>{r.d(t,{Z:()=>n});const n=r.p+"assets/images/FleetRegistration-02261f36c889f94ee81be67d3aa2f342.svg"}}]); \ No newline at end of file diff --git a/assets/js/839437d0.bc009d72.js b/assets/js/839437d0.af445ebc.js similarity index 96% rename from assets/js/839437d0.bc009d72.js rename to assets/js/839437d0.af445ebc.js index a6f6e2544..c71ce2bc8 100644 --- a/assets/js/839437d0.bc009d72.js +++ b/assets/js/839437d0.af445ebc.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5711],{3905:(e,t,r)=>{r.d(t,{Zo:()=>l,kt:()=>m});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function o(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function s(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var p=n.createContext({}),i=function(e){var t=n.useContext(p),r=t;return e&&(r="function"==typeof e?e(t):s(s({},t),e)),r},l=function(e){var t=i(e.components);return n.createElement(p.Provider,{value:t},e.children)},f={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},u=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,o=e.originalType,p=e.parentName,l=c(e,["components","mdxType","originalType","parentName"]),u=i(r),m=a,d=u["".concat(p,".").concat(m)]||u[m]||f[m]||o;return r?n.createElement(d,s(s({ref:t},l),{},{components:r})):n.createElement(d,s({ref:t},l))}));function m(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=r.length,s=new Array(o);s[0]=u;var c={};for(var p in t)hasOwnProperty.call(t,p)&&(c[p]=t[p]);c.originalType=e,c.mdxType="string"==typeof e?e:a,s[1]=c;for(var i=2;i{r.r(t),r.d(t,{assets:()=>p,contentTitle:()=>s,default:()=>f,frontMatter:()=>o,metadata:()=>c,toc:()=>i});var n=r(7462),a=(r(7294),r(3905));const o={},s="Namespaces",c={unversionedId:"ref-namespaces",id:"ref-namespaces",title:"Namespaces",description:"An overview of the namespaces used by fleet and their resources.",source:"@site/docs/ref-namespaces.md",sourceDirName:".",slug:"/ref-namespaces",permalink:"/ref-namespaces",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-namespaces.md",tags:[],version:"current",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Components",permalink:"/ref-components"},next:{title:"Resources",permalink:"/ref-resources"}},p={},i=[],l={toc:i};function f(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,n.Z)({},l,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"namespaces"},"Namespaces"),(0,a.kt)("p",null,"An overview of the ",(0,a.kt)("a",{parentName:"p",href:"/namespaces"},"namespaces")," used by fleet and their resources."),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Namespace",src:r(3159).Z,width:"1600",height:"1750"})))}f.isMDXComponent=!0},3159:(e,t,r)=>{r.d(t,{Z:()=>n});const n=r.p+"assets/images/FleetNamespaces-aa2883d2b4e961d9abb78772b535985f.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5711],{3905:(e,t,r)=>{r.d(t,{Zo:()=>l,kt:()=>m});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function o(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function s(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var p=n.createContext({}),i=function(e){var t=n.useContext(p),r=t;return e&&(r="function"==typeof e?e(t):s(s({},t),e)),r},l=function(e){var t=i(e.components);return n.createElement(p.Provider,{value:t},e.children)},f={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},u=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,o=e.originalType,p=e.parentName,l=c(e,["components","mdxType","originalType","parentName"]),u=i(r),m=a,d=u["".concat(p,".").concat(m)]||u[m]||f[m]||o;return r?n.createElement(d,s(s({ref:t},l),{},{components:r})):n.createElement(d,s({ref:t},l))}));function m(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=r.length,s=new Array(o);s[0]=u;var c={};for(var p in t)hasOwnProperty.call(t,p)&&(c[p]=t[p]);c.originalType=e,c.mdxType="string"==typeof e?e:a,s[1]=c;for(var i=2;i{r.r(t),r.d(t,{assets:()=>p,contentTitle:()=>s,default:()=>f,frontMatter:()=>o,metadata:()=>c,toc:()=>i});var n=r(7462),a=(r(7294),r(3905));const o={},s="Namespaces",c={unversionedId:"ref-namespaces",id:"ref-namespaces",title:"Namespaces",description:"An overview of the namespaces used by fleet and their resources.",source:"@site/docs/ref-namespaces.md",sourceDirName:".",slug:"/ref-namespaces",permalink:"/ref-namespaces",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-namespaces.md",tags:[],version:"current",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Components",permalink:"/ref-components"},next:{title:"Resources",permalink:"/ref-resources"}},p={},i=[],l={toc:i};function f(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,n.Z)({},l,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"namespaces"},"Namespaces"),(0,a.kt)("p",null,"An overview of the ",(0,a.kt)("a",{parentName:"p",href:"/namespaces"},"namespaces")," used by fleet and their resources."),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Namespace",src:r(3159).Z,width:"1600",height:"1750"})))}f.isMDXComponent=!0},3159:(e,t,r)=>{r.d(t,{Z:()=>n});const n=r.p+"assets/images/FleetNamespaces-aa2883d2b4e961d9abb78772b535985f.svg"}}]); \ No newline at end of file diff --git a/assets/js/847b3bc4.21481317.js b/assets/js/847b3bc4.d6da70de.js similarity index 97% rename from assets/js/847b3bc4.21481317.js rename to assets/js/847b3bc4.d6da70de.js index 1f90f104b..594b0d324 100644 --- a/assets/js/847b3bc4.21481317.js +++ b/assets/js/847b3bc4.d6da70de.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5435],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},f=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,s=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),f=c(n),m=l,d=f["".concat(s,".").concat(m)]||f[m]||p[m]||a;return n?r.createElement(d,o(o({ref:t},u),{},{components:n})):r.createElement(d,o({ref:t},u))}));function m(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=f;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>p,frontMatter:()=>a,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const a={},o="Uninstall",i={unversionedId:"uninstall",id:"version-0.5/uninstall",title:"Uninstall",description:"Fleet is packaged as two Helm charts so uninstall is accomplished by",source:"@site/versioned_docs/version-0.5/uninstall.md",sourceDirName:".",slug:"/uninstall",permalink:"/0.5/uninstall",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/uninstall.md",tags:[],version:"0.5",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Multi Cluster Install",permalink:"/0.5/multi-cluster-install"}},s={},c=[],u={toc:c};function p(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"uninstall"},"Uninstall"),(0,l.kt)("p",null,"Fleet is packaged as two Helm charts so uninstall is accomplished by\nuninstalling the appropriate Helm charts. To uninstall Fleet run the following\ntwo commands:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system uninstall fleet\nhelm -n cattle-fleet-system uninstall fleet-crd\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5435],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},f=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,s=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),f=c(n),m=l,d=f["".concat(s,".").concat(m)]||f[m]||p[m]||a;return n?r.createElement(d,o(o({ref:t},u),{},{components:n})):r.createElement(d,o({ref:t},u))}));function m(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=f;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>p,frontMatter:()=>a,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const a={},o="Uninstall",i={unversionedId:"uninstall",id:"version-0.5/uninstall",title:"Uninstall",description:"Fleet is packaged as two Helm charts so uninstall is accomplished by",source:"@site/versioned_docs/version-0.5/uninstall.md",sourceDirName:".",slug:"/uninstall",permalink:"/0.5/uninstall",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/uninstall.md",tags:[],version:"0.5",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Multi Cluster Install",permalink:"/0.5/multi-cluster-install"}},s={},c=[],u={toc:c};function p(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"uninstall"},"Uninstall"),(0,l.kt)("p",null,"Fleet is packaged as two Helm charts so uninstall is accomplished by\nuninstalling the appropriate Helm charts. To uninstall Fleet run the following\ntwo commands:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system uninstall fleet\nhelm -n cattle-fleet-system uninstall fleet-crd\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/84ab13f9.997e20d1.js b/assets/js/84ab13f9.997e20d1.js new file mode 100644 index 000000000..3dd71a6a1 --- /dev/null +++ b/assets/js/84ab13f9.997e20d1.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7510],{6828:(e,t,n)=>{n.d(t,{d:()=>a});const a={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.2/fleet-0.5.2.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.2/fleet-agent-0.5.2.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.2/fleet-crd-0.5.2.tgz"},next:{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0-rc.4/fleet-0.6.0-rc.4.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0-rc.4/fleet-agent-0.6.0-rc.4.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0-rc.4/fleet-crd-0.6.0-rc.4.tgz"}}},8420:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>h,frontMatter:()=>s,metadata:()=>p,toc:()=>d});var a=n(7462),l=(n(7294),n(3905)),i=n(6828),r=n(814);const s={},o="Agent Initiated",p={unversionedId:"agent-initiated",id:"agent-initiated",title:"Agent Initiated",description:"Refer to the overview page for a background information on the agent initiated registration style.",source:"@site/docs/agent-initiated.md",sourceDirName:".",slug:"/agent-initiated",permalink:"/agent-initiated",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/agent-initiated.md",tags:[],version:"current",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster Registration Tokens",permalink:"/cluster-tokens"},next:{title:"Manager Initiated",permalink:"/manager-initiated"}},c={},d=[{value:"Cluster Registration Token and Client ID",id:"cluster-registration-token-and-client-id",level:2},{value:"Install agent for a new Cluster",id:"install-agent-for-a-new-cluster",level:2},{value:"Install agent for a predefined Cluster",id:"install-agent-for-a-predefined-cluster",level:2}],u={toc:d};function h(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,a.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"agent-initiated"},"Agent Initiated"),(0,l.kt)("p",null,"Refer to the ",(0,l.kt)("a",{parentName:"p",href:"/cluster-overview#agent-initiated-registration"},"overview page")," for a background information on the agent initiated registration style."),(0,l.kt)("h2",{id:"cluster-registration-token-and-client-id"},"Cluster Registration Token and Client ID"),(0,l.kt)("p",null,"A downstream cluster is registered using the ",(0,l.kt)("strong",{parentName:"p"},"cluster registration token")," and optionally a ",(0,l.kt)("strong",{parentName:"p"},"client ID")," or ",(0,l.kt)("strong",{parentName:"p"},"cluster labels"),"."),(0,l.kt)("p",null,"The ",(0,l.kt)("strong",{parentName:"p"},"cluster registration token")," is a credential that will authorize the downstream cluster agent to be\nable to initiate the registration process. This is required. Refer to the ",(0,l.kt)("a",{parentName:"p",href:"/cluster-tokens"},"cluster registration token page")," for more information\non how to create tokens and obtain the values. The cluster registration token is manifested as a ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that will\nbe passed to the ",(0,l.kt)("inlineCode",{parentName:"p"},"helm install")," process."),(0,l.kt)("p",null,"There are two styles of registering an agent. You can have the cluster for this agent dynamically created, in which\ncase you will probably want to specify ",(0,l.kt)("strong",{parentName:"p"},"cluster labels")," upon registration. Or you can have the agent register to a predefined\ncluster in the Fleet manager, in which case you will need a ",(0,l.kt)("strong",{parentName:"p"},"client ID"),". The former approach is typically the easiest."),(0,l.kt)("h2",{id:"install-agent-for-a-new-cluster"},"Install agent for a new Cluster"),(0,l.kt)("p",null,"The Fleet agent is installed as a Helm chart. Following are explanations how to determine and set its parameters."),(0,l.kt)("p",null,"First, follow the ",(0,l.kt)("a",{parentName:"p",href:"/cluster-tokens"},"cluster registration token page")," to obtain the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," which contains\nthe registration token to authenticate against the Fleet cluster."),(0,l.kt)("p",null,"Second, optionally you can define labels that will assigned to the newly created cluster upon registration. After\nregistration is completed an agent cannot change the labels of the cluster. To add cluster labels add\n",(0,l.kt)("inlineCode",{parentName:"p"},"--set-string labels.KEY=VALUE")," to the below Helm command. To add the labels ",(0,l.kt)("inlineCode",{parentName:"p"},"foo=bar")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"bar=baz")," then you would\nadd ",(0,l.kt)("inlineCode",{parentName:"p"},"--set-string labels.foo=bar --set-string labels.bar=baz")," to the command line."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'# Leave blank if you do not want any labels\nCLUSTER_LABELS="--set-string labels.example=true --set-string labels.env=dev"\n')),(0,l.kt)("p",null,"Third, set variables with the Fleet cluster's API Server URL and CA, for the downstream cluster to use for connecting."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"API_SERVER_URL=https://...\nAPI_SERVER_CA_DATA=...\n")),(0,l.kt)("p",null,"Value in ",(0,l.kt)("inlineCode",{parentName:"p"},"API_SERVER_CA_DATA")," can be obtained from a ",(0,l.kt)("inlineCode",{parentName:"p"},".kube/config")," file with valid data to connect to the upstream cluster\n(under the ",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," key). Alternatively it can be obtained from within the upstream cluster itself,\nby looking up the default ServiceAccount secret name (typically prefixed with ",(0,l.kt)("inlineCode",{parentName:"p"},"default-token-"),", in the default namespace),\nunder the ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.crt")," key."),(0,l.kt)("admonition",{type:"caution"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,l.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,l.kt)("admonition",{type:"warning"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,l.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,l.kt)("p",null,"Finally, install the agent using Helm."),(0,l.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n $CLUSTER_LABELS \\\n --values values.yaml \\\n --set apiServerCA="$API_SERVER_CA_DATA" \\\n --set apiServerURL="$API_SERVER_URL" \\\n fleet-agent'," ",i.d.next.fleetAgent),(0,l.kt)("p",null,"The agent should now be deployed. You can check that status of the fleet pods by running the below commands."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")),(0,l.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,l.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,l.kt)("a",{parentName:"p",href:"/namespaces"},"namespace"),". Please ensure your ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\ncluster-ab13e54400f1 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z \n")),(0,l.kt)("h2",{id:"install-agent-for-a-predefined-cluster"},"Install agent for a predefined Cluster"),(0,l.kt)("p",null,"Client IDs are for the purpose of predefining clusters in the Fleet manager with existing labels and repos targeted to them.\nA client ID is not required and is just one approach to managing clusters.\nThe ",(0,l.kt)("strong",{parentName:"p"},"client ID")," is a unique string that will identify the cluster.\nThis string is user generated and opaque to the Fleet manager and agent. It is assumed to be sufficiently unique. For security reasons one should not be able to easily guess this value\nas then one cluster could impersonate another. The client ID is optional and if not specified the UID field of the ",(0,l.kt)("inlineCode",{parentName:"p"},"kube-system")," namespace\nresource will be used as the client ID. Upon registration if the client ID is found on a ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet manager it will associate\nthe agent with that ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster"),". If no ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource is found with that client ID a new ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource will be created with the specific\nclient ID."),(0,l.kt)("p",null,"The Fleet agent is installed as a Helm chart. The only parameters to the helm chart installation should be the cluster registration token, which\nis represented by the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file and the client ID. The client ID is optional."),(0,l.kt)("p",null,"First, create a ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," in the Fleet Manager with the random client ID you have chosen."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: Cluster\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-cluster\n namespace: clusters\nspec:\n clientID: "really-random"\n')),(0,l.kt)("p",null,"Second, follow the ",(0,l.kt)("a",{parentName:"p",href:"/cluster-tokens"},"cluster registration token page")," to obtain the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file to be used."),(0,l.kt)("p",null,"Third, setup your environment to use the client ID."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'CLUSTER_CLIENT_ID="really-random"\n')),(0,l.kt)("admonition",{type:"note"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,l.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,l.kt)("admonition",{type:"note"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,l.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,l.kt)("p",null,"Finally, install the agent using Helm."),(0,l.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set clientID="$CLUSTER_CLIENT_ID" \\\n --values values.yaml \\\n fleet-agent'," ",i.d.next.fleetAgent),(0,l.kt)("p",null,"The agent should now be deployed. You can check that status of the fleet pods by running the below commands."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")),(0,l.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,l.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,l.kt)("a",{parentName:"p",href:"/namespaces"},"namespace"),". Please ensure your ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\nmy-cluster 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z \n")))}h.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/84ab13f9.ce3daaaf.js b/assets/js/84ab13f9.ce3daaaf.js deleted file mode 100644 index 80f9ad61a..000000000 --- a/assets/js/84ab13f9.ce3daaaf.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7510],{6828:(e,t,n)=>{n.d(t,{d:()=>a});const a={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.0/fleet-0.5.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.0/fleet-agent-0.5.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.0/fleet-crd-0.5.0.tgz"},next:{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0-alpha2/fleet-0.6.0-alpha2.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0-alpha2/fleet-agent-0.6.0-alpha2.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0-alpha2/fleet-crd-0.6.0-alpha2.tgz"}}},8420:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>h,frontMatter:()=>s,metadata:()=>p,toc:()=>d});var a=n(7462),l=(n(7294),n(3905)),i=n(6828),r=n(814);const s={},o="Agent Initiated",p={unversionedId:"agent-initiated",id:"agent-initiated",title:"Agent Initiated",description:"Refer to the overview page for a background information on the agent initiated registration style.",source:"@site/docs/agent-initiated.md",sourceDirName:".",slug:"/agent-initiated",permalink:"/agent-initiated",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/agent-initiated.md",tags:[],version:"current",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster Registration Tokens",permalink:"/cluster-tokens"},next:{title:"Manager Initiated",permalink:"/manager-initiated"}},c={},d=[{value:"Cluster Registration Token and Client ID",id:"cluster-registration-token-and-client-id",level:2},{value:"Install agent for a new Cluster",id:"install-agent-for-a-new-cluster",level:2},{value:"Install agent for a predefined Cluster",id:"install-agent-for-a-predefined-cluster",level:2}],u={toc:d};function h(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,a.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"agent-initiated"},"Agent Initiated"),(0,l.kt)("p",null,"Refer to the ",(0,l.kt)("a",{parentName:"p",href:"/cluster-overview#agent-initiated-registration"},"overview page")," for a background information on the agent initiated registration style."),(0,l.kt)("h2",{id:"cluster-registration-token-and-client-id"},"Cluster Registration Token and Client ID"),(0,l.kt)("p",null,"A downstream cluster is registered using the ",(0,l.kt)("strong",{parentName:"p"},"cluster registration token")," and optionally a ",(0,l.kt)("strong",{parentName:"p"},"client ID")," or ",(0,l.kt)("strong",{parentName:"p"},"cluster labels"),"."),(0,l.kt)("p",null,"The ",(0,l.kt)("strong",{parentName:"p"},"cluster registration token")," is a credential that will authorize the downstream cluster agent to be\nable to initiate the registration process. This is required. Refer to the ",(0,l.kt)("a",{parentName:"p",href:"/cluster-tokens"},"cluster registration token page")," for more information\non how to create tokens and obtain the values. The cluster registration token is manifested as a ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that will\nbe passed to the ",(0,l.kt)("inlineCode",{parentName:"p"},"helm install")," process."),(0,l.kt)("p",null,"There are two styles of registering an agent. You can have the cluster for this agent dynamically created, in which\ncase you will probably want to specify ",(0,l.kt)("strong",{parentName:"p"},"cluster labels")," upon registration. Or you can have the agent register to a predefined\ncluster in the Fleet manager, in which case you will need a ",(0,l.kt)("strong",{parentName:"p"},"client ID"),". The former approach is typically the easiest."),(0,l.kt)("h2",{id:"install-agent-for-a-new-cluster"},"Install agent for a new Cluster"),(0,l.kt)("p",null,"The Fleet agent is installed as a Helm chart. Following are explanations how to determine and set its parameters."),(0,l.kt)("p",null,"First, follow the ",(0,l.kt)("a",{parentName:"p",href:"/cluster-tokens"},"cluster registration token page")," to obtain the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," which contains\nthe registration token to authenticate against the Fleet cluster."),(0,l.kt)("p",null,"Second, optionally you can define labels that will assigned to the newly created cluster upon registration. After\nregistration is completed an agent cannot change the labels of the cluster. To add cluster labels add\n",(0,l.kt)("inlineCode",{parentName:"p"},"--set-string labels.KEY=VALUE")," to the below Helm command. To add the labels ",(0,l.kt)("inlineCode",{parentName:"p"},"foo=bar")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"bar=baz")," then you would\nadd ",(0,l.kt)("inlineCode",{parentName:"p"},"--set-string labels.foo=bar --set-string labels.bar=baz")," to the command line."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'# Leave blank if you do not want any labels\nCLUSTER_LABELS="--set-string labels.example=true --set-string labels.env=dev"\n')),(0,l.kt)("p",null,"Third, set variables with the Fleet cluster's API Server URL and CA, for the downstream cluster to use for connecting."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"API_SERVER_URL=https://...\nAPI_SERVER_CA_DATA=...\n")),(0,l.kt)("p",null,"Value in ",(0,l.kt)("inlineCode",{parentName:"p"},"API_SERVER_CA_DATA")," can be obtained from a ",(0,l.kt)("inlineCode",{parentName:"p"},".kube/config")," file with valid data to connect to the upstream cluster\n(under the ",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," key). Alternatively it can be obtained from within the upstream cluster itself,\nby looking up the default ServiceAccount secret name (typically prefixed with ",(0,l.kt)("inlineCode",{parentName:"p"},"default-token-"),", in the default namespace),\nunder the ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.crt")," key."),(0,l.kt)("admonition",{type:"caution"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,l.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,l.kt)("admonition",{type:"warning"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,l.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,l.kt)("p",null,"Finally, install the agent using Helm."),(0,l.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n $CLUSTER_LABELS \\\n --values values.yaml \\\n --set apiServerCA="$API_SERVER_CA_DATA" \\\n --set apiServerURL="$API_SERVER_URL" \\\n fleet-agent'," ",i.d.next.fleetAgent),(0,l.kt)("p",null,"The agent should now be deployed. You can check that status of the fleet pods by running the below commands."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")),(0,l.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,l.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,l.kt)("a",{parentName:"p",href:"/namespaces"},"namespace"),". Please ensure your ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\ncluster-ab13e54400f1 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z \n")),(0,l.kt)("h2",{id:"install-agent-for-a-predefined-cluster"},"Install agent for a predefined Cluster"),(0,l.kt)("p",null,"Client IDs are for the purpose of predefining clusters in the Fleet manager with existing labels and repos targeted to them.\nA client ID is not required and is just one approach to managing clusters.\nThe ",(0,l.kt)("strong",{parentName:"p"},"client ID")," is a unique string that will identify the cluster.\nThis string is user generated and opaque to the Fleet manager and agent. It is assumed to be sufficiently unique. For security reasons one should not be able to easily guess this value\nas then one cluster could impersonate another. The client ID is optional and if not specified the UID field of the ",(0,l.kt)("inlineCode",{parentName:"p"},"kube-system")," namespace\nresource will be used as the client ID. Upon registration if the client ID is found on a ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet manager it will associate\nthe agent with that ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster"),". If no ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource is found with that client ID a new ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource will be created with the specific\nclient ID."),(0,l.kt)("p",null,"The Fleet agent is installed as a Helm chart. The only parameters to the helm chart installation should be the cluster registration token, which\nis represented by the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file and the client ID. The client ID is optional."),(0,l.kt)("p",null,"First, create a ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," in the Fleet Manager with the random client ID you have chosen."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: Cluster\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-cluster\n namespace: clusters\nspec:\n clientID: "really-random"\n')),(0,l.kt)("p",null,"Second, follow the ",(0,l.kt)("a",{parentName:"p",href:"/cluster-tokens"},"cluster registration token page")," to obtain the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file to be used."),(0,l.kt)("p",null,"Third, setup your environment to use the client ID."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'CLUSTER_CLIENT_ID="really-random"\n')),(0,l.kt)("admonition",{type:"note"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,l.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,l.kt)("admonition",{type:"note"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,l.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,l.kt)("p",null,"Finally, install the agent using Helm."),(0,l.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set clientID="$CLUSTER_CLIENT_ID" \\\n --values values.yaml \\\n fleet-agent'," ",i.d.next.fleetAgent),(0,l.kt)("p",null,"The agent should now be deployed. You can check that status of the fleet pods by running the below commands."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")),(0,l.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,l.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,l.kt)("a",{parentName:"p",href:"/namespaces"},"namespace"),". Please ensure your ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\nmy-cluster 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z \n")))}h.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/9533a6b7.30bb08d8.js b/assets/js/9533a6b7.24e6a7e5.js similarity index 98% rename from assets/js/9533a6b7.30bb08d8.js rename to assets/js/9533a6b7.24e6a7e5.js index 6b7c9597c..0b9da679d 100644 --- a/assets/js/9533a6b7.30bb08d8.js +++ b/assets/js/9533a6b7.24e6a7e5.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9353],{3905:(e,t,r)=>{r.d(t,{Zo:()=>p,kt:()=>m});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function l(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var i=n.createContext({}),c=function(e){var t=n.useContext(i),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},p=function(e){var t=c(e.components);return n.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,l=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),d=c(r),m=a,f=d["".concat(i,".").concat(m)]||d[m]||u[m]||l;return r?n.createElement(f,o(o({ref:t},p),{},{components:r})):n.createElement(f,o({ref:t},p))}));function m(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=r.length,o=new Array(l);o[0]=d;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,o[1]=s;for(var c=2;c{r.r(t),r.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>s,toc:()=>c});var n=r(7462),a=(r(7294),r(3905));const l={},o="Mapping to Downstream Clusters",s={unversionedId:"gitrepo-targets",id:"version-0.5/gitrepo-targets",title:"Mapping to Downstream Clusters",description:"Multi-cluster Only:",source:"@site/versioned_docs/version-0.5/gitrepo-targets.md",sourceDirName:".",slug:"/gitrepo-targets",permalink:"/0.5/gitrepo-targets",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/gitrepo-targets.md",tags:[],version:"0.5",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Expected Repo Structure",permalink:"/0.5/gitrepo-structure"},next:{title:"Generating Diffs for Modified GitRepos",permalink:"/0.5/bundle-diffs"}},i={},c=[{value:"Defining targets",id:"defining-targets",level:2},{value:"Target Matching",id:"target-matching",level:2},{value:"Default target",id:"default-target",level:2}],p={toc:c};function u(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},p,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"mapping-to-downstream-clusters"},"Mapping to Downstream Clusters"),(0,a.kt)("admonition",{type:"info"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("strong",{parentName:"p"},"Multi-cluster Only"),":\nThis approach only applies if you are running Fleet in a multi-cluster style")),(0,a.kt)("p",null,"When deploying ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepos")," to downstream clusters the clusters must be mapped to a target."),(0,a.kt)("h2",{id:"defining-targets"},"Defining targets"),(0,a.kt)("p",null,"The deployment targets of ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," is done using the ",(0,a.kt)("inlineCode",{parentName:"p"},"spec.targets")," field to\nmatch clusters or cluster groups. The YAML specification is as below."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: myrepo\n namespace: clusters\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - simple\n\n # Targets are evaluated in order and the first one to match is used. If\n # no targets match then the evaluated cluster will not be deployed to.\n targets:\n # The name of target. This value is largely for display and logging.\n # If not specified a default name of the format "target000" will be used\n - name: prod\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n')),(0,a.kt)("h2",{id:"target-matching"},"Target Matching"),(0,a.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets.\nIf any of the targets match the cluster then the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be deployed to the downstream cluster. If\nno match is made, then the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will not be deployed to that cluster."),(0,a.kt)("p",null,'There are three approaches to matching clusters.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,a.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,a.kt)("h2",{id:"default-target"},"Default target"),(0,a.kt)("p",null,"If no target is set for the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the default targets value is applied. The default targets value is as below."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"targets:\n- name: default\n clusterGroup: default\n")),(0,a.kt)("p",null,"This means if you wish to setup a default location non-configured GitRepos will go to, then just create a cluster group called default\nand add clusters to it."))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9353],{3905:(e,t,r)=>{r.d(t,{Zo:()=>p,kt:()=>m});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function l(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var i=n.createContext({}),c=function(e){var t=n.useContext(i),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},p=function(e){var t=c(e.components);return n.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,l=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),d=c(r),m=a,f=d["".concat(i,".").concat(m)]||d[m]||u[m]||l;return r?n.createElement(f,o(o({ref:t},p),{},{components:r})):n.createElement(f,o({ref:t},p))}));function m(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=r.length,o=new Array(l);o[0]=d;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,o[1]=s;for(var c=2;c{r.r(t),r.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>s,toc:()=>c});var n=r(7462),a=(r(7294),r(3905));const l={},o="Mapping to Downstream Clusters",s={unversionedId:"gitrepo-targets",id:"version-0.5/gitrepo-targets",title:"Mapping to Downstream Clusters",description:"Multi-cluster Only:",source:"@site/versioned_docs/version-0.5/gitrepo-targets.md",sourceDirName:".",slug:"/gitrepo-targets",permalink:"/0.5/gitrepo-targets",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/gitrepo-targets.md",tags:[],version:"0.5",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Expected Repo Structure",permalink:"/0.5/gitrepo-structure"},next:{title:"Generating Diffs for Modified GitRepos",permalink:"/0.5/bundle-diffs"}},i={},c=[{value:"Defining targets",id:"defining-targets",level:2},{value:"Target Matching",id:"target-matching",level:2},{value:"Default target",id:"default-target",level:2}],p={toc:c};function u(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},p,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"mapping-to-downstream-clusters"},"Mapping to Downstream Clusters"),(0,a.kt)("admonition",{type:"info"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("strong",{parentName:"p"},"Multi-cluster Only"),":\nThis approach only applies if you are running Fleet in a multi-cluster style")),(0,a.kt)("p",null,"When deploying ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepos")," to downstream clusters the clusters must be mapped to a target."),(0,a.kt)("h2",{id:"defining-targets"},"Defining targets"),(0,a.kt)("p",null,"The deployment targets of ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," is done using the ",(0,a.kt)("inlineCode",{parentName:"p"},"spec.targets")," field to\nmatch clusters or cluster groups. The YAML specification is as below."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: myrepo\n namespace: clusters\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - simple\n\n # Targets are evaluated in order and the first one to match is used. If\n # no targets match then the evaluated cluster will not be deployed to.\n targets:\n # The name of target. This value is largely for display and logging.\n # If not specified a default name of the format "target000" will be used\n - name: prod\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n')),(0,a.kt)("h2",{id:"target-matching"},"Target Matching"),(0,a.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets.\nIf any of the targets match the cluster then the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be deployed to the downstream cluster. If\nno match is made, then the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will not be deployed to that cluster."),(0,a.kt)("p",null,'There are three approaches to matching clusters.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,a.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,a.kt)("h2",{id:"default-target"},"Default target"),(0,a.kt)("p",null,"If no target is set for the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the default targets value is applied. The default targets value is as below."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"targets:\n- name: default\n clusterGroup: default\n")),(0,a.kt)("p",null,"This means if you wish to setup a default location non-configured GitRepos will go to, then just create a cluster group called default\nand add clusters to it."))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/9d9f8394.0d61a075.js b/assets/js/9d9f8394.a4c9e09e.js similarity index 99% rename from assets/js/9d9f8394.0d61a075.js rename to assets/js/9d9f8394.a4c9e09e.js index c898580ed..6d6bff7a2 100644 --- a/assets/js/9d9f8394.0d61a075.js +++ b/assets/js/9d9f8394.a4c9e09e.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9360],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>u});var a=n(7294);function o(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function r(e){for(var t=1;t=0||(o[n]=e[n]);return o}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}var s=a.createContext({}),p=function(e){var t=a.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):r(r({},t),e)),n},c=function(e){var t=p(e.components);return a.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},h=a.forwardRef((function(e,t){var n=e.components,o=e.mdxType,l=e.originalType,s=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),h=p(n),u=o,m=h["".concat(s,".").concat(u)]||h[u]||d[u]||l;return n?a.createElement(m,r(r({ref:t},c),{},{components:n})):a.createElement(m,r({ref:t},c))}));function u(e,t){var n=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var l=n.length,r=new Array(l);r[0]=h;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:o,r[1]=i;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>r,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var a=n(7462),o=(n(7294),n(3905));const l={},r="Troubleshooting",i={unversionedId:"troubleshooting",id:"troubleshooting",title:"Troubleshooting",description:"This section contains commands and tips to troubleshoot Fleet.",source:"@site/docs/troubleshooting.md",sourceDirName:".",slug:"/troubleshooting",permalink:"/troubleshooting",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/troubleshooting.md",tags:[],version:"current",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Image scan",permalink:"/imagescan"},next:{title:"Advanced Users",permalink:"/advanced-users"}},s={},p=[{value:"How Do I...",id:"how-do-i",level:2},{value:"Fetch the log from fleet-controller?",id:"fetch-the-log-from-fleet-controller",level:3},{value:"Fetch the log from the fleet-agent?",id:"fetch-the-log-from-the-fleet-agent",level:3},{value:"Fetch detailed error logs from GitRepos and Bundles?",id:"fetch-detailed-error-logs-from-gitrepos-and-bundles",level:3},{value:"Check a chart rendering error in Kustomize?",id:"check-a-chart-rendering-error-in-kustomize",level:3},{value:"Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?",id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml",level:3},{value:"Check the status of the fleet-controller?",id:"check-the-status-of-the-fleet-controller",level:3},{value:"Migrate the local cluster to the Fleet default cluster?",id:"migrate-the-local-cluster-to-the-fleet-default-cluster",level:3},{value:"Enable debug logging for fleet-controller and fleet-agent?",id:"enable-debug-logging-for-fleet-controller-and-fleet-agent",level:3},{value:"Additional Solutions for Other Fleet Issues",id:"additional-solutions-for-other-fleet-issues",level:2},{value:"Naming conventions for CRDs",id:"naming-conventions-for-crds",level:3},{value:"HTTP secrets in Github",id:"http-secrets-in-github",level:3},{value:"Fleet fails with bad response code: 403",id:"fleet-fails-with-bad-response-code-403",level:3},{value:"Helm chart repo: certificate signed by unknown authority",id:"helm-chart-repo-certificate-signed-by-unknown-authority",level:3},{value:"Fleet deployment stuck in modified state",id:"fleet-deployment-stuck-in-modified-state",level:3},{value:"GitRepo or Bundle stuck in modified state",id:"gitrepo-or-bundle-stuck-in-modified-state",level:3},{value:"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state",id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state",level:3},{value:"What if the cluster is unavailable, or is in a WaitCheckIn state?",id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state",level:3},{value:"GitRepo complains with gzip: invalid header",id:"gitrepo-complains-with-gzip-invalid-header",level:3},{value:"Agent is no longer registered",id:"agent-is-no-longer-registered",level:3}],c={toc:p};function d(e){let{components:t,...n}=e;return(0,o.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"troubleshooting"},"Troubleshooting"),(0,o.kt)("p",null,"This section contains commands and tips to troubleshoot Fleet."),(0,o.kt)("h2",{id:"how-do-i"},(0,o.kt)("strong",{parentName:"h2"},"How Do I...")),(0,o.kt)("h3",{id:"fetch-the-log-from-fleet-controller"},"Fetch the log from ",(0,o.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,o.kt)("p",null,"In the local management cluster where the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is deployed, run the following command with your specific ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pod name filled in:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"$ kubectl logs -l app=fleet-controller -n cattle-fleet-system\n")),(0,o.kt)("h3",{id:"fetch-the-log-from-the-fleet-agent"},"Fetch the log from the ",(0,o.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,o.kt)("p",null,"Go to each downstream cluster and run the following command for the local cluster with your specific ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet-agent")," pod name filled in:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"# Downstream cluster\n$ kubectl logs -l app=fleet-agent -n cattle-fleet-system\n# Local cluster\n$ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system\n")),(0,o.kt)("h3",{id:"fetch-detailed-error-logs-from-gitrepos-and-bundles"},"Fetch detailed error logs from ",(0,o.kt)("inlineCode",{parentName:"h3"},"GitRepos")," and ",(0,o.kt)("inlineCode",{parentName:"h3"},"Bundles"),"?"),(0,o.kt)("p",null,"Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:"),(0,o.kt)("ul",null,(0,o.kt)("li",{parentName:"ul"},"For more information about the bundle, click on ",(0,o.kt)("inlineCode",{parentName:"li"},"bundle"),", and the YAML mode will be enabled. "),(0,o.kt)("li",{parentName:"ul"},"For more information about the GitRepo, click on ",(0,o.kt)("inlineCode",{parentName:"li"},"GitRepo"),", then click on ",(0,o.kt)("inlineCode",{parentName:"li"},"View Yaml")," in the upper right of the screen. After viewing the YAML, check ",(0,o.kt)("inlineCode",{parentName:"li"},"status.conditions"),"; a detailed error message should be displayed here."),(0,o.kt)("li",{parentName:"ul"},"Check the ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-controller")," for synching errors."),(0,o.kt)("li",{parentName:"ul"},"Check the ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-agent")," log in the downstream cluster if you encounter issues when deploying the bundle.")),(0,o.kt)("h3",{id:"check-a-chart-rendering-error-in-kustomize"},"Check a chart rendering error in ",(0,o.kt)("inlineCode",{parentName:"h3"},"Kustomize"),"?"),(0,o.kt)("p",null,"Check the ",(0,o.kt)("a",{parentName:"p",href:"/troubleshooting#fetch-the-log-from-fleet-controller"},(0,o.kt)("inlineCode",{parentName:"a"},"fleet-controller")," logs")," and the ",(0,o.kt)("a",{parentName:"p",href:"/troubleshooting#fetch-the-log-from-the-fleet-agent"},(0,o.kt)("inlineCode",{parentName:"a"},"fleet-agent")," logs"),"."),(0,o.kt)("h3",{id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml"},"Check errors about watching or checking out the ",(0,o.kt)("inlineCode",{parentName:"h3"},"GitRepo"),", or about the downloaded Helm repo in ",(0,o.kt)("inlineCode",{parentName:"h3"},"fleet.yaml"),"?"),(0,o.kt)("p",null,"Check the ",(0,o.kt)("inlineCode",{parentName:"p"},"gitjob-controller")," logs using the following command with your specific ",(0,o.kt)("inlineCode",{parentName:"p"},"gitjob")," pod name filled in:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system\n")),(0,o.kt)("p",null,"Note that there are two containers inside the pod: the ",(0,o.kt)("inlineCode",{parentName:"p"},"step-git-source")," container that clones the git repo, and the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet")," container that applies bundles based on the git repo. "),(0,o.kt)("p",null,"The pods will usually have images named ",(0,o.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," with the ",(0,o.kt)("inlineCode",{parentName:"p"},"gitRepo")," name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific ",(0,o.kt)("inlineCode",{parentName:"p"},"gitRepoName")," pod name and namespace:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitRepoName-pod-name -n namespace\n")),(0,o.kt)("h3",{id:"check-the-status-of-the-fleet-controller"},"Check the status of the ",(0,o.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,o.kt)("p",null,"You can check the status of the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pods by running the commands below:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,o.kt)("h3",{id:"migrate-the-local-cluster-to-the-fleet-default-cluster"},"Migrate the local cluster to the Fleet default cluster?"),(0,o.kt)("p",null,"For users who want to deploy to the local cluster as well, they may move the cluster from ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet-local")," to ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet-default")," in the Rancher UI as follows:"),(0,o.kt)("ul",null,(0,o.kt)("li",{parentName:"ul"},"To get to Fleet in Rancher, click \u2630 > Continuous Delivery."),(0,o.kt)("li",{parentName:"ul"},"Under the ",(0,o.kt)("strong",{parentName:"li"},"Clusters")," menu, select the ",(0,o.kt)("strong",{parentName:"li"},"local")," cluster by checking the box to the left."),(0,o.kt)("li",{parentName:"ul"},"Select ",(0,o.kt)("strong",{parentName:"li"},"Assign to")," from the tabs above the cluster."),(0,o.kt)("li",{parentName:"ul"},"Select ",(0,o.kt)("strong",{parentName:"li"},(0,o.kt)("inlineCode",{parentName:"strong"},"fleet-default"))," from the ",(0,o.kt)("strong",{parentName:"li"},"Assign Cluster To")," dropdown.")),(0,o.kt)("p",null,(0,o.kt)("strong",{parentName:"p"},"Result"),": The cluster will be migrated to ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet-default"),"."),(0,o.kt)("h3",{id:"enable-debug-logging-for-fleet-controller-and-fleet-agent"},"Enable debug logging for ",(0,o.kt)("inlineCode",{parentName:"h3"},"fleet-controller")," and ",(0,o.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,o.kt)("p",null,"Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added."),(0,o.kt)("ul",null,(0,o.kt)("li",{parentName:"ul"},"Go to the ",(0,o.kt)("strong",{parentName:"li"},"Dashboard"),", then click on the ",(0,o.kt)("strong",{parentName:"li"},"local cluster")," in the left navigation menu "),(0,o.kt)("li",{parentName:"ul"},"Select ",(0,o.kt)("strong",{parentName:"li"},"Apps & Marketplace"),", then ",(0,o.kt)("strong",{parentName:"li"},"Installed Apps")," from the dropdown "),(0,o.kt)("li",{parentName:"ul"},"From there, you will upgrade the Fleet chart with the value ",(0,o.kt)("inlineCode",{parentName:"li"},"debug=true"),". You can also set ",(0,o.kt)("inlineCode",{parentName:"li"},"debugLevel=5")," if desired.")),(0,o.kt)("h2",{id:"additional-solutions-for-other-fleet-issues"},(0,o.kt)("strong",{parentName:"h2"},"Additional Solutions for Other Fleet Issues")),(0,o.kt)("h3",{id:"naming-conventions-for-crds"},"Naming conventions for CRDs"),(0,o.kt)("ol",null,(0,o.kt)("li",{parentName:"ol"},(0,o.kt)("p",{parentName:"li"},"For CRD terms like ",(0,o.kt)("inlineCode",{parentName:"p"},"clusters")," and ",(0,o.kt)("inlineCode",{parentName:"p"},"gitrepos"),", you must reference the full CRD name. For example, the cluster CRD's complete name is ",(0,o.kt)("inlineCode",{parentName:"p"},"cluster.fleet.cattle.io"),", and the gitrepo CRD's complete name is ",(0,o.kt)("inlineCode",{parentName:"p"},"gitrepo.fleet.cattle.io"),".")),(0,o.kt)("li",{parentName:"ol"},(0,o.kt)("p",{parentName:"li"},(0,o.kt)("inlineCode",{parentName:"p"},"Bundles"),", which are created from the ",(0,o.kt)("inlineCode",{parentName:"p"},"GitRepo"),", follow the pattern ",(0,o.kt)("inlineCode",{parentName:"p"},"$gitrepoName-$path")," in the same workspace/namespace where the ",(0,o.kt)("inlineCode",{parentName:"p"},"GitRepo")," was created. Note that ",(0,o.kt)("inlineCode",{parentName:"p"},"$path")," is the path directory in the git repository that contains the ",(0,o.kt)("inlineCode",{parentName:"p"},"bundle")," (",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml"),").")),(0,o.kt)("li",{parentName:"ol"},(0,o.kt)("p",{parentName:"li"},(0,o.kt)("inlineCode",{parentName:"p"},"BundleDeployments"),", which are created from the ",(0,o.kt)("inlineCode",{parentName:"p"},"bundle"),", follow the pattern ",(0,o.kt)("inlineCode",{parentName:"p"},"$bundleName-$clusterName")," in the namespace ",(0,o.kt)("inlineCode",{parentName:"p"},"clusters-$workspace-$cluster-$generateHash"),". Note that ",(0,o.kt)("inlineCode",{parentName:"p"},"$clusterName")," is the cluster to which the bundle will be deployed."))),(0,o.kt)("h3",{id:"http-secrets-in-github"},"HTTP secrets in Github"),(0,o.kt)("p",null,"When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:"),(0,o.kt)("ol",null,(0,o.kt)("li",{parentName:"ol"},"Create a ",(0,o.kt)("a",{parentName:"li",href:"https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token"},"personal access token")," in Github."),(0,o.kt)("li",{parentName:"ol"},"In Rancher, create an HTTP ",(0,o.kt)("a",{parentName:"li",href:"https://rancher.com/docs/rancher/v2.6/en/k8s-in-rancher/secrets/"},"secret")," with your Github username."),(0,o.kt)("li",{parentName:"ol"},"Use your token as the secret.")),(0,o.kt)("h3",{id:"fleet-fails-with-bad-response-code-403"},"Fleet fails with bad response code: 403"),(0,o.kt)("p",null,"If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your ",(0,o.kt)("a",{parentName:"p",href:"/gitrepo-structure"},(0,o.kt)("inlineCode",{parentName:"a"},"fleet.yaml")),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"\n')),(0,o.kt)("p",null,"Perform the following steps to assess:"),(0,o.kt)("ul",null,(0,o.kt)("li",{parentName:"ul"},"Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully"),(0,o.kt)("li",{parentName:"ul"},"Check that your credentials for the git repo are valid")),(0,o.kt)("h3",{id:"helm-chart-repo-certificate-signed-by-unknown-authority"},"Helm chart repo: certificate signed by unknown authority"),(0,o.kt)("p",null,"If your GitJob returns the error below, you may have added the wrong certificate chain:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'time="2021-11-11T05:55:08Z" level=fatal msg="Get \\"https://helm.intra/virtual-helm/index.yaml\\": x509: certificate signed by unknown authority" \n')),(0,o.kt)("p",null,"Please verify your certificate with the following command:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"context=playground-local\nkubectl get secret -n fleet-default helm-repo -o jsonpath=\"{['data']['cacerts']}\" --context $context | base64 -d | openssl x509 -text -noout\nCertificate:\n Data:\n Version: 3 (0x2)\n Serial Number:\n 7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71\n Signature Algorithm: sha512WithRSAEncryption\n Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3\n...\n\n")),(0,o.kt)("h3",{id:"fleet-deployment-stuck-in-modified-state"},"Fleet deployment stuck in modified state"),(0,o.kt)("p",null,'When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.'),(0,o.kt)("p",null,"To ignore the modified flag for the differences between the Helm install generated by ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and the resource in your cluster, add a ",(0,o.kt)("inlineCode",{parentName:"p"},"diff.comparePatches")," to the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," for your Deployment, as shown in this example:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'defaultNamespace: \nhelm: \n releaseName: \n repo: \n chart: \ndiff: \n comparePatches: \n - apiVersion: apps/v1\n kind: Deployment\n operations:\n - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}\n jsonPointers: # jsonPointers allows to ignore diffs at certain json path\n - "/spec/template/spec/priorityClassName"\n - "/spec/template/spec/tolerations" \n')),(0,o.kt)("p",null,"To determine which operations should be removed, observe the logs from ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet-agent")," on the target cluster. You should see entries similar to the following:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-text"},'level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\\"spec\\":{\\"template\\":{\\"spec\\":{\\"hostNetwork\\":false}}}}"\n')),(0,o.kt)("p",null,"Based on the above log, you can add the following entry to remove the operation:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-json"},'{"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n')),(0,o.kt)("h3",{id:"gitrepo-or-bundle-stuck-in-modified-state"},(0,o.kt)("inlineCode",{parentName:"h3"},"GitRepo")," or ",(0,o.kt)("inlineCode",{parentName:"h3"},"Bundle")," stuck in modified state"),(0,o.kt)("p",null,(0,o.kt)("strong",{parentName:"p"},"Modified")," means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository."),(0,o.kt)("ol",null,(0,o.kt)("li",{parentName:"ol"},(0,o.kt)("p",{parentName:"li"},"Check the ",(0,o.kt)("a",{parentName:"p",href:"/bundle-diffs"},"bundle diffs documentation")," for more information. ")),(0,o.kt)("li",{parentName:"ol"},(0,o.kt)("p",{parentName:"li"},"You can also force update the ",(0,o.kt)("inlineCode",{parentName:"p"},"gitrepo")," to perform a manual resync. Select ",(0,o.kt)("strong",{parentName:"p"},"GitRepo")," on the left navigation bar, then select ",(0,o.kt)("strong",{parentName:"p"},"Force Update"),"."))),(0,o.kt)("h3",{id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state"},"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state"),(0,o.kt)("p",null,"For bundles with an HPA, the expected state is ",(0,o.kt)("inlineCode",{parentName:"p"},"Modified"),", as the bundle contains fields that differ from the state of the Bundle at deployment - usually ",(0,o.kt)("inlineCode",{parentName:"p"},"ReplicaSet"),"."),(0,o.kt)("p",null,"You must define a patch in the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to ignore this field according to ",(0,o.kt)("a",{parentName:"p",href:"#gitrepo-or-bundle-stuck-in-modified-state"},(0,o.kt)("inlineCode",{parentName:"a"},"GitRepo")," or ",(0,o.kt)("inlineCode",{parentName:"a"},"Bundle")," stuck in modified state"),"."),(0,o.kt)("p",null,"Here is an example of such a patch for the deployment ",(0,o.kt)("inlineCode",{parentName:"p"},"nginx")," in namespace ",(0,o.kt)("inlineCode",{parentName:"p"},"default"),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: nginx\n namespace: default\n operations:\n - {"op": "remove", "path": "/spec/replicas"}\n')),(0,o.kt)("h3",{id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state"},"What if the cluster is unavailable, or is in a ",(0,o.kt)("inlineCode",{parentName:"h3"},"WaitCheckIn")," state?"),(0,o.kt)("p",null,"You will need to re-import and restart the registration process: Select ",(0,o.kt)("strong",{parentName:"p"},"Cluster")," on the left navigation bar, then select ",(0,o.kt)("strong",{parentName:"p"},"Force Update")),(0,o.kt)("admonition",{type:"caution"},(0,o.kt)("p",{parentName:"admonition"},(0,o.kt)("strong",{parentName:"p"},"WaitCheckIn status for Rancher v2.5"),":\nThe cluster will show in ",(0,o.kt)("inlineCode",{parentName:"p"},"WaitCheckIn")," status because the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the ",(0,o.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.5/en/installation/other-installation-methods/behind-proxy/install-rancher/#install-rancher"},"Rancher docs"),".")),(0,o.kt)("h3",{id:"gitrepo-complains-with-gzip-invalid-header"},"GitRepo complains with ",(0,o.kt)("inlineCode",{parentName:"h3"},"gzip: invalid header")),(0,o.kt)("p",null,"When you see an error like the one below ..."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-sh"},"Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header\n")),(0,o.kt)("p",null,"... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content."),(0,o.kt)("h3",{id:"agent-is-no-longer-registered"},"Agent is no longer registered"),(0,o.kt)("p",null,"You can force a redeployment of an agent for a given cluster by setting ",(0,o.kt)("inlineCode",{parentName:"p"},"redeployAgentGeneration"),"."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-sh"},'kubectl patch clusters.fleet.cattle.io -n fleet-local local --type=json -p \'[{"op": "add", "path": "/spec/redeployAgentGeneration", "value": -1}]\'\n')))}d.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9360],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>u});var a=n(7294);function o(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function r(e){for(var t=1;t=0||(o[n]=e[n]);return o}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}var s=a.createContext({}),p=function(e){var t=a.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):r(r({},t),e)),n},c=function(e){var t=p(e.components);return a.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},h=a.forwardRef((function(e,t){var n=e.components,o=e.mdxType,l=e.originalType,s=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),h=p(n),u=o,m=h["".concat(s,".").concat(u)]||h[u]||d[u]||l;return n?a.createElement(m,r(r({ref:t},c),{},{components:n})):a.createElement(m,r({ref:t},c))}));function u(e,t){var n=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var l=n.length,r=new Array(l);r[0]=h;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:o,r[1]=i;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>r,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var a=n(7462),o=(n(7294),n(3905));const l={},r="Troubleshooting",i={unversionedId:"troubleshooting",id:"troubleshooting",title:"Troubleshooting",description:"This section contains commands and tips to troubleshoot Fleet.",source:"@site/docs/troubleshooting.md",sourceDirName:".",slug:"/troubleshooting",permalink:"/troubleshooting",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/troubleshooting.md",tags:[],version:"current",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Image scan",permalink:"/imagescan"},next:{title:"Advanced Users",permalink:"/advanced-users"}},s={},p=[{value:"How Do I...",id:"how-do-i",level:2},{value:"Fetch the log from fleet-controller?",id:"fetch-the-log-from-fleet-controller",level:3},{value:"Fetch the log from the fleet-agent?",id:"fetch-the-log-from-the-fleet-agent",level:3},{value:"Fetch detailed error logs from GitRepos and Bundles?",id:"fetch-detailed-error-logs-from-gitrepos-and-bundles",level:3},{value:"Check a chart rendering error in Kustomize?",id:"check-a-chart-rendering-error-in-kustomize",level:3},{value:"Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?",id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml",level:3},{value:"Check the status of the fleet-controller?",id:"check-the-status-of-the-fleet-controller",level:3},{value:"Migrate the local cluster to the Fleet default cluster?",id:"migrate-the-local-cluster-to-the-fleet-default-cluster",level:3},{value:"Enable debug logging for fleet-controller and fleet-agent?",id:"enable-debug-logging-for-fleet-controller-and-fleet-agent",level:3},{value:"Additional Solutions for Other Fleet Issues",id:"additional-solutions-for-other-fleet-issues",level:2},{value:"Naming conventions for CRDs",id:"naming-conventions-for-crds",level:3},{value:"HTTP secrets in Github",id:"http-secrets-in-github",level:3},{value:"Fleet fails with bad response code: 403",id:"fleet-fails-with-bad-response-code-403",level:3},{value:"Helm chart repo: certificate signed by unknown authority",id:"helm-chart-repo-certificate-signed-by-unknown-authority",level:3},{value:"Fleet deployment stuck in modified state",id:"fleet-deployment-stuck-in-modified-state",level:3},{value:"GitRepo or Bundle stuck in modified state",id:"gitrepo-or-bundle-stuck-in-modified-state",level:3},{value:"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state",id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state",level:3},{value:"What if the cluster is unavailable, or is in a WaitCheckIn state?",id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state",level:3},{value:"GitRepo complains with gzip: invalid header",id:"gitrepo-complains-with-gzip-invalid-header",level:3},{value:"Agent is no longer registered",id:"agent-is-no-longer-registered",level:3}],c={toc:p};function d(e){let{components:t,...n}=e;return(0,o.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"troubleshooting"},"Troubleshooting"),(0,o.kt)("p",null,"This section contains commands and tips to troubleshoot Fleet."),(0,o.kt)("h2",{id:"how-do-i"},(0,o.kt)("strong",{parentName:"h2"},"How Do I...")),(0,o.kt)("h3",{id:"fetch-the-log-from-fleet-controller"},"Fetch the log from ",(0,o.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,o.kt)("p",null,"In the local management cluster where the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is deployed, run the following command with your specific ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pod name filled in:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"$ kubectl logs -l app=fleet-controller -n cattle-fleet-system\n")),(0,o.kt)("h3",{id:"fetch-the-log-from-the-fleet-agent"},"Fetch the log from the ",(0,o.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,o.kt)("p",null,"Go to each downstream cluster and run the following command for the local cluster with your specific ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet-agent")," pod name filled in:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"# Downstream cluster\n$ kubectl logs -l app=fleet-agent -n cattle-fleet-system\n# Local cluster\n$ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system\n")),(0,o.kt)("h3",{id:"fetch-detailed-error-logs-from-gitrepos-and-bundles"},"Fetch detailed error logs from ",(0,o.kt)("inlineCode",{parentName:"h3"},"GitRepos")," and ",(0,o.kt)("inlineCode",{parentName:"h3"},"Bundles"),"?"),(0,o.kt)("p",null,"Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:"),(0,o.kt)("ul",null,(0,o.kt)("li",{parentName:"ul"},"For more information about the bundle, click on ",(0,o.kt)("inlineCode",{parentName:"li"},"bundle"),", and the YAML mode will be enabled. "),(0,o.kt)("li",{parentName:"ul"},"For more information about the GitRepo, click on ",(0,o.kt)("inlineCode",{parentName:"li"},"GitRepo"),", then click on ",(0,o.kt)("inlineCode",{parentName:"li"},"View Yaml")," in the upper right of the screen. After viewing the YAML, check ",(0,o.kt)("inlineCode",{parentName:"li"},"status.conditions"),"; a detailed error message should be displayed here."),(0,o.kt)("li",{parentName:"ul"},"Check the ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-controller")," for synching errors."),(0,o.kt)("li",{parentName:"ul"},"Check the ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-agent")," log in the downstream cluster if you encounter issues when deploying the bundle.")),(0,o.kt)("h3",{id:"check-a-chart-rendering-error-in-kustomize"},"Check a chart rendering error in ",(0,o.kt)("inlineCode",{parentName:"h3"},"Kustomize"),"?"),(0,o.kt)("p",null,"Check the ",(0,o.kt)("a",{parentName:"p",href:"/troubleshooting#fetch-the-log-from-fleet-controller"},(0,o.kt)("inlineCode",{parentName:"a"},"fleet-controller")," logs")," and the ",(0,o.kt)("a",{parentName:"p",href:"/troubleshooting#fetch-the-log-from-the-fleet-agent"},(0,o.kt)("inlineCode",{parentName:"a"},"fleet-agent")," logs"),"."),(0,o.kt)("h3",{id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml"},"Check errors about watching or checking out the ",(0,o.kt)("inlineCode",{parentName:"h3"},"GitRepo"),", or about the downloaded Helm repo in ",(0,o.kt)("inlineCode",{parentName:"h3"},"fleet.yaml"),"?"),(0,o.kt)("p",null,"Check the ",(0,o.kt)("inlineCode",{parentName:"p"},"gitjob-controller")," logs using the following command with your specific ",(0,o.kt)("inlineCode",{parentName:"p"},"gitjob")," pod name filled in:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system\n")),(0,o.kt)("p",null,"Note that there are two containers inside the pod: the ",(0,o.kt)("inlineCode",{parentName:"p"},"step-git-source")," container that clones the git repo, and the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet")," container that applies bundles based on the git repo. "),(0,o.kt)("p",null,"The pods will usually have images named ",(0,o.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," with the ",(0,o.kt)("inlineCode",{parentName:"p"},"gitRepo")," name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific ",(0,o.kt)("inlineCode",{parentName:"p"},"gitRepoName")," pod name and namespace:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitRepoName-pod-name -n namespace\n")),(0,o.kt)("h3",{id:"check-the-status-of-the-fleet-controller"},"Check the status of the ",(0,o.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,o.kt)("p",null,"You can check the status of the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pods by running the commands below:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,o.kt)("h3",{id:"migrate-the-local-cluster-to-the-fleet-default-cluster"},"Migrate the local cluster to the Fleet default cluster?"),(0,o.kt)("p",null,"For users who want to deploy to the local cluster as well, they may move the cluster from ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet-local")," to ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet-default")," in the Rancher UI as follows:"),(0,o.kt)("ul",null,(0,o.kt)("li",{parentName:"ul"},"To get to Fleet in Rancher, click \u2630 > Continuous Delivery."),(0,o.kt)("li",{parentName:"ul"},"Under the ",(0,o.kt)("strong",{parentName:"li"},"Clusters")," menu, select the ",(0,o.kt)("strong",{parentName:"li"},"local")," cluster by checking the box to the left."),(0,o.kt)("li",{parentName:"ul"},"Select ",(0,o.kt)("strong",{parentName:"li"},"Assign to")," from the tabs above the cluster."),(0,o.kt)("li",{parentName:"ul"},"Select ",(0,o.kt)("strong",{parentName:"li"},(0,o.kt)("inlineCode",{parentName:"strong"},"fleet-default"))," from the ",(0,o.kt)("strong",{parentName:"li"},"Assign Cluster To")," dropdown.")),(0,o.kt)("p",null,(0,o.kt)("strong",{parentName:"p"},"Result"),": The cluster will be migrated to ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet-default"),"."),(0,o.kt)("h3",{id:"enable-debug-logging-for-fleet-controller-and-fleet-agent"},"Enable debug logging for ",(0,o.kt)("inlineCode",{parentName:"h3"},"fleet-controller")," and ",(0,o.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,o.kt)("p",null,"Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added."),(0,o.kt)("ul",null,(0,o.kt)("li",{parentName:"ul"},"Go to the ",(0,o.kt)("strong",{parentName:"li"},"Dashboard"),", then click on the ",(0,o.kt)("strong",{parentName:"li"},"local cluster")," in the left navigation menu "),(0,o.kt)("li",{parentName:"ul"},"Select ",(0,o.kt)("strong",{parentName:"li"},"Apps & Marketplace"),", then ",(0,o.kt)("strong",{parentName:"li"},"Installed Apps")," from the dropdown "),(0,o.kt)("li",{parentName:"ul"},"From there, you will upgrade the Fleet chart with the value ",(0,o.kt)("inlineCode",{parentName:"li"},"debug=true"),". You can also set ",(0,o.kt)("inlineCode",{parentName:"li"},"debugLevel=5")," if desired.")),(0,o.kt)("h2",{id:"additional-solutions-for-other-fleet-issues"},(0,o.kt)("strong",{parentName:"h2"},"Additional Solutions for Other Fleet Issues")),(0,o.kt)("h3",{id:"naming-conventions-for-crds"},"Naming conventions for CRDs"),(0,o.kt)("ol",null,(0,o.kt)("li",{parentName:"ol"},(0,o.kt)("p",{parentName:"li"},"For CRD terms like ",(0,o.kt)("inlineCode",{parentName:"p"},"clusters")," and ",(0,o.kt)("inlineCode",{parentName:"p"},"gitrepos"),", you must reference the full CRD name. For example, the cluster CRD's complete name is ",(0,o.kt)("inlineCode",{parentName:"p"},"cluster.fleet.cattle.io"),", and the gitrepo CRD's complete name is ",(0,o.kt)("inlineCode",{parentName:"p"},"gitrepo.fleet.cattle.io"),".")),(0,o.kt)("li",{parentName:"ol"},(0,o.kt)("p",{parentName:"li"},(0,o.kt)("inlineCode",{parentName:"p"},"Bundles"),", which are created from the ",(0,o.kt)("inlineCode",{parentName:"p"},"GitRepo"),", follow the pattern ",(0,o.kt)("inlineCode",{parentName:"p"},"$gitrepoName-$path")," in the same workspace/namespace where the ",(0,o.kt)("inlineCode",{parentName:"p"},"GitRepo")," was created. Note that ",(0,o.kt)("inlineCode",{parentName:"p"},"$path")," is the path directory in the git repository that contains the ",(0,o.kt)("inlineCode",{parentName:"p"},"bundle")," (",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml"),").")),(0,o.kt)("li",{parentName:"ol"},(0,o.kt)("p",{parentName:"li"},(0,o.kt)("inlineCode",{parentName:"p"},"BundleDeployments"),", which are created from the ",(0,o.kt)("inlineCode",{parentName:"p"},"bundle"),", follow the pattern ",(0,o.kt)("inlineCode",{parentName:"p"},"$bundleName-$clusterName")," in the namespace ",(0,o.kt)("inlineCode",{parentName:"p"},"clusters-$workspace-$cluster-$generateHash"),". Note that ",(0,o.kt)("inlineCode",{parentName:"p"},"$clusterName")," is the cluster to which the bundle will be deployed."))),(0,o.kt)("h3",{id:"http-secrets-in-github"},"HTTP secrets in Github"),(0,o.kt)("p",null,"When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:"),(0,o.kt)("ol",null,(0,o.kt)("li",{parentName:"ol"},"Create a ",(0,o.kt)("a",{parentName:"li",href:"https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token"},"personal access token")," in Github."),(0,o.kt)("li",{parentName:"ol"},"In Rancher, create an HTTP ",(0,o.kt)("a",{parentName:"li",href:"https://rancher.com/docs/rancher/v2.6/en/k8s-in-rancher/secrets/"},"secret")," with your Github username."),(0,o.kt)("li",{parentName:"ol"},"Use your token as the secret.")),(0,o.kt)("h3",{id:"fleet-fails-with-bad-response-code-403"},"Fleet fails with bad response code: 403"),(0,o.kt)("p",null,"If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your ",(0,o.kt)("a",{parentName:"p",href:"/gitrepo-structure"},(0,o.kt)("inlineCode",{parentName:"a"},"fleet.yaml")),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"\n')),(0,o.kt)("p",null,"Perform the following steps to assess:"),(0,o.kt)("ul",null,(0,o.kt)("li",{parentName:"ul"},"Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully"),(0,o.kt)("li",{parentName:"ul"},"Check that your credentials for the git repo are valid")),(0,o.kt)("h3",{id:"helm-chart-repo-certificate-signed-by-unknown-authority"},"Helm chart repo: certificate signed by unknown authority"),(0,o.kt)("p",null,"If your GitJob returns the error below, you may have added the wrong certificate chain:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'time="2021-11-11T05:55:08Z" level=fatal msg="Get \\"https://helm.intra/virtual-helm/index.yaml\\": x509: certificate signed by unknown authority" \n')),(0,o.kt)("p",null,"Please verify your certificate with the following command:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"context=playground-local\nkubectl get secret -n fleet-default helm-repo -o jsonpath=\"{['data']['cacerts']}\" --context $context | base64 -d | openssl x509 -text -noout\nCertificate:\n Data:\n Version: 3 (0x2)\n Serial Number:\n 7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71\n Signature Algorithm: sha512WithRSAEncryption\n Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3\n...\n\n")),(0,o.kt)("h3",{id:"fleet-deployment-stuck-in-modified-state"},"Fleet deployment stuck in modified state"),(0,o.kt)("p",null,'When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.'),(0,o.kt)("p",null,"To ignore the modified flag for the differences between the Helm install generated by ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and the resource in your cluster, add a ",(0,o.kt)("inlineCode",{parentName:"p"},"diff.comparePatches")," to the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," for your Deployment, as shown in this example:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'defaultNamespace: \nhelm: \n releaseName: \n repo: \n chart: \ndiff: \n comparePatches: \n - apiVersion: apps/v1\n kind: Deployment\n operations:\n - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}\n jsonPointers: # jsonPointers allows to ignore diffs at certain json path\n - "/spec/template/spec/priorityClassName"\n - "/spec/template/spec/tolerations" \n')),(0,o.kt)("p",null,"To determine which operations should be removed, observe the logs from ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet-agent")," on the target cluster. You should see entries similar to the following:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-text"},'level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\\"spec\\":{\\"template\\":{\\"spec\\":{\\"hostNetwork\\":false}}}}"\n')),(0,o.kt)("p",null,"Based on the above log, you can add the following entry to remove the operation:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-json"},'{"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n')),(0,o.kt)("h3",{id:"gitrepo-or-bundle-stuck-in-modified-state"},(0,o.kt)("inlineCode",{parentName:"h3"},"GitRepo")," or ",(0,o.kt)("inlineCode",{parentName:"h3"},"Bundle")," stuck in modified state"),(0,o.kt)("p",null,(0,o.kt)("strong",{parentName:"p"},"Modified")," means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository."),(0,o.kt)("ol",null,(0,o.kt)("li",{parentName:"ol"},(0,o.kt)("p",{parentName:"li"},"Check the ",(0,o.kt)("a",{parentName:"p",href:"/bundle-diffs"},"bundle diffs documentation")," for more information. ")),(0,o.kt)("li",{parentName:"ol"},(0,o.kt)("p",{parentName:"li"},"You can also force update the ",(0,o.kt)("inlineCode",{parentName:"p"},"gitrepo")," to perform a manual resync. Select ",(0,o.kt)("strong",{parentName:"p"},"GitRepo")," on the left navigation bar, then select ",(0,o.kt)("strong",{parentName:"p"},"Force Update"),"."))),(0,o.kt)("h3",{id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state"},"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state"),(0,o.kt)("p",null,"For bundles with an HPA, the expected state is ",(0,o.kt)("inlineCode",{parentName:"p"},"Modified"),", as the bundle contains fields that differ from the state of the Bundle at deployment - usually ",(0,o.kt)("inlineCode",{parentName:"p"},"ReplicaSet"),"."),(0,o.kt)("p",null,"You must define a patch in the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to ignore this field according to ",(0,o.kt)("a",{parentName:"p",href:"#gitrepo-or-bundle-stuck-in-modified-state"},(0,o.kt)("inlineCode",{parentName:"a"},"GitRepo")," or ",(0,o.kt)("inlineCode",{parentName:"a"},"Bundle")," stuck in modified state"),"."),(0,o.kt)("p",null,"Here is an example of such a patch for the deployment ",(0,o.kt)("inlineCode",{parentName:"p"},"nginx")," in namespace ",(0,o.kt)("inlineCode",{parentName:"p"},"default"),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: nginx\n namespace: default\n operations:\n - {"op": "remove", "path": "/spec/replicas"}\n')),(0,o.kt)("h3",{id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state"},"What if the cluster is unavailable, or is in a ",(0,o.kt)("inlineCode",{parentName:"h3"},"WaitCheckIn")," state?"),(0,o.kt)("p",null,"You will need to re-import and restart the registration process: Select ",(0,o.kt)("strong",{parentName:"p"},"Cluster")," on the left navigation bar, then select ",(0,o.kt)("strong",{parentName:"p"},"Force Update")),(0,o.kt)("admonition",{type:"caution"},(0,o.kt)("p",{parentName:"admonition"},(0,o.kt)("strong",{parentName:"p"},"WaitCheckIn status for Rancher v2.5"),":\nThe cluster will show in ",(0,o.kt)("inlineCode",{parentName:"p"},"WaitCheckIn")," status because the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the ",(0,o.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.5/en/installation/other-installation-methods/behind-proxy/install-rancher/#install-rancher"},"Rancher docs"),".")),(0,o.kt)("h3",{id:"gitrepo-complains-with-gzip-invalid-header"},"GitRepo complains with ",(0,o.kt)("inlineCode",{parentName:"h3"},"gzip: invalid header")),(0,o.kt)("p",null,"When you see an error like the one below ..."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-sh"},"Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header\n")),(0,o.kt)("p",null,"... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content."),(0,o.kt)("h3",{id:"agent-is-no-longer-registered"},"Agent is no longer registered"),(0,o.kt)("p",null,"You can force a redeployment of an agent for a given cluster by setting ",(0,o.kt)("inlineCode",{parentName:"p"},"redeployAgentGeneration"),"."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-sh"},'kubectl patch clusters.fleet.cattle.io -n fleet-local local --type=json -p \'[{"op": "add", "path": "/spec/redeployAgentGeneration", "value": -1}]\'\n')))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/a2c468b1.5d788205.js b/assets/js/a2c468b1.3369f9a7.js similarity index 99% rename from assets/js/a2c468b1.5d788205.js rename to assets/js/a2c468b1.3369f9a7.js index 78b9e781d..1b3790eda 100644 --- a/assets/js/a2c468b1.5d788205.js +++ b/assets/js/a2c468b1.3369f9a7.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2361],{3905:(e,n,t)=>{t.d(n,{Zo:()=>c,kt:()=>u});var a=t(7294);function o(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function i(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);n&&(a=a.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,a)}return t}function r(e){for(var n=1;n=0||(o[t]=e[t]);return o}(e,n);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var l=a.createContext({}),p=function(e){var n=a.useContext(l),t=n;return e&&(t="function"==typeof e?e(n):r(r({},n),e)),t},c=function(e){var n=p(e.components);return a.createElement(l.Provider,{value:n},e.children)},d={inlineCode:"code",wrapper:function(e){var n=e.children;return a.createElement(a.Fragment,{},n)}},m=a.forwardRef((function(e,n){var t=e.components,o=e.mdxType,i=e.originalType,l=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=p(t),u=o,h=m["".concat(l,".").concat(u)]||m[u]||d[u]||i;return t?a.createElement(h,r(r({ref:n},c),{},{components:t})):a.createElement(h,r({ref:n},c))}));function u(e,n){var t=arguments,o=n&&n.mdxType;if("string"==typeof e||o){var i=t.length,r=new Array(i);r[0]=m;var s={};for(var l in n)hasOwnProperty.call(n,l)&&(s[l]=n[l]);s.originalType=e,s.mdxType="string"==typeof e?e:o,r[1]=s;for(var p=2;p{t.r(n),t.d(n,{assets:()=>l,contentTitle:()=>r,default:()=>d,frontMatter:()=>i,metadata:()=>s,toc:()=>p});var a=t(7462),o=(t(7294),t(3905));const i={},r="Generating Diffs for Modified GitRepos",s={unversionedId:"bundle-diffs",id:"version-0.4/bundle-diffs",title:"Generating Diffs for Modified GitRepos",description:"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.",source:"@site/versioned_docs/version-0.4/bundle-diffs.md",sourceDirName:".",slug:"/bundle-diffs",permalink:"/0.4/bundle-diffs",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/bundle-diffs.md",tags:[],version:"0.4",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Mapping to Downstream Clusters",permalink:"/0.4/gitrepo-targets"},next:{title:"Webhook",permalink:"/0.4/webhook"}},l={},p=[{value:"1. ValidatingWebhookConfiguration:",id:"1-validatingwebhookconfiguration",level:3},{value:"2. Deployment gatekeeper-controller-manager:",id:"2-deployment-gatekeeper-controller-manager",level:3},{value:"3. Deployment gatekeeper-audit:",id:"3-deployment-gatekeeper-audit",level:3},{value:"Combining It All Together",id:"combining-it-all-together",level:3}],c={toc:p};function d(e){let{components:n,...i}=e;return(0,o.kt)("wrapper",(0,a.Z)({},c,i,{components:n,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"generating-diffs-for-modified-gitrepos"},"Generating Diffs for Modified GitRepos"),(0,o.kt)("p",null,"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles."),(0,o.kt)("p",null,"You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the ",(0,o.kt)("inlineCode",{parentName:"p"},"Bundles")," section."),(0,o.kt)("p",null,"The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the ",(0,o.kt)("inlineCode",{parentName:"p"},"caBundle")," is empty and the CA cert is injected by the cluster."),(0,o.kt)("p",null,'This leads the status of the bundle and associated GitRepo to be reported as "Modified"'),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(9366).Z,width:"1191",height:"344"})),(0,o.kt)("p",null,"Associated Bundle\n",(0,o.kt)("img",{src:t(6368).Z,width:"1188",height:"420"})),(0,o.kt)("p",null,"Fleet bundles support the ability to specify a custom ",(0,o.kt)("a",{parentName:"p",href:"http://jsonpatch.com/"},"jsonPointer patch"),"."),(0,o.kt)("p",null,"With the patch, users can instruct fleet to ignore object modifications."),(0,o.kt)("p",null,"In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters."),(0,o.kt)("p",null,"The opa-gatekeeper bundle associated with the opa GitRepo is in modified state."),(0,o.kt)("p",null,"Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status."),(0,o.kt)("p",null,"In our case the differences detected are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' summary:\n desiredReady: 1\n modified: 1\n nonReadyResources:\n - bundleState: Modified\n modifiedStatus:\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n patch: \'{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n')),(0,o.kt)("p",null,"Based on this summary, there are three objects which need to be patched."),(0,o.kt)("p",null,"We will look at these one at a time."),(0,o.kt)("h3",{id:"1-validatingwebhookconfiguration"},"1. ValidatingWebhookConfiguration:"),(0,o.kt)("p",null,"The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec. "),(0,o.kt)("p",null,"In cases where more than one element in the field requires a patch, that patch will refer these to as ",(0,o.kt)("inlineCode",{parentName:"p"},"$setElementOrder/ELEMENTNAME")," "),(0,o.kt)("p",null,"From this information, we can see the two ValidatingWebhooks in question are:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' "$setElementOrder/webhooks": [\n {\n "name": "validation.gatekeeper.sh"\n },\n {\n "name": "check-ignore-label.gatekeeper.sh"\n }\n ],\n')),(0,o.kt)("p",null,"Within each ValidatingWebhook, the fields that need to be ignore are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "validation.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n "*"\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "*"\n ]\n }\n ]\n },\n')),(0,o.kt)("p",null," and "),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "check-ignore-label.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n ""\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "namespaces"\n ]\n }\n ]\n }\n')),(0,o.kt)("p",null,"In summary, we need to ignore the fields ",(0,o.kt)("inlineCode",{parentName:"p"},"rules")," and ",(0,o.kt)("inlineCode",{parentName:"p"},"clientConfig.caBundle")," in our patch specification."),(0,o.kt)("p",null,"The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values."),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(1418).Z,width:"1104",height:"837"})),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("h3",{id:"2-deployment-gatekeeper-controller-manager"},"2. Deployment gatekeeper-controller-manager:"),(0,o.kt)("p",null,"The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle)."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"3-deployment-gatekeeper-audit"},"3. Deployment gatekeeper-audit:"),(0,o.kt)("p",null,"The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"combining-it-all-together"},"Combining It All Together"),(0,o.kt)("p",null,"We can now combine all these patches as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("p",null,"We can add these now to the bundle directly to test and also commit the same to the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in your GitRepo."),(0,o.kt)("p",null,'Once these are added, the GitRepo should deploy and be in "Active" status.'))}d.isMDXComponent=!0},6368:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedBundle-636a094dc9a854e2cc752ad34fcadd60.png"},9366:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedGitRepo-17a5600892cf08e11388c8612131d81d.png"},1418:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/WebhookConfigurationSpec-0721d92eb5e5e87e815ad8fe32242bed.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2361],{3905:(e,n,t)=>{t.d(n,{Zo:()=>c,kt:()=>u});var a=t(7294);function o(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function i(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);n&&(a=a.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,a)}return t}function r(e){for(var n=1;n=0||(o[t]=e[t]);return o}(e,n);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var l=a.createContext({}),p=function(e){var n=a.useContext(l),t=n;return e&&(t="function"==typeof e?e(n):r(r({},n),e)),t},c=function(e){var n=p(e.components);return a.createElement(l.Provider,{value:n},e.children)},d={inlineCode:"code",wrapper:function(e){var n=e.children;return a.createElement(a.Fragment,{},n)}},m=a.forwardRef((function(e,n){var t=e.components,o=e.mdxType,i=e.originalType,l=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=p(t),u=o,h=m["".concat(l,".").concat(u)]||m[u]||d[u]||i;return t?a.createElement(h,r(r({ref:n},c),{},{components:t})):a.createElement(h,r({ref:n},c))}));function u(e,n){var t=arguments,o=n&&n.mdxType;if("string"==typeof e||o){var i=t.length,r=new Array(i);r[0]=m;var s={};for(var l in n)hasOwnProperty.call(n,l)&&(s[l]=n[l]);s.originalType=e,s.mdxType="string"==typeof e?e:o,r[1]=s;for(var p=2;p{t.r(n),t.d(n,{assets:()=>l,contentTitle:()=>r,default:()=>d,frontMatter:()=>i,metadata:()=>s,toc:()=>p});var a=t(7462),o=(t(7294),t(3905));const i={},r="Generating Diffs for Modified GitRepos",s={unversionedId:"bundle-diffs",id:"version-0.4/bundle-diffs",title:"Generating Diffs for Modified GitRepos",description:"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.",source:"@site/versioned_docs/version-0.4/bundle-diffs.md",sourceDirName:".",slug:"/bundle-diffs",permalink:"/0.4/bundle-diffs",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/bundle-diffs.md",tags:[],version:"0.4",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Mapping to Downstream Clusters",permalink:"/0.4/gitrepo-targets"},next:{title:"Webhook",permalink:"/0.4/webhook"}},l={},p=[{value:"1. ValidatingWebhookConfiguration:",id:"1-validatingwebhookconfiguration",level:3},{value:"2. Deployment gatekeeper-controller-manager:",id:"2-deployment-gatekeeper-controller-manager",level:3},{value:"3. Deployment gatekeeper-audit:",id:"3-deployment-gatekeeper-audit",level:3},{value:"Combining It All Together",id:"combining-it-all-together",level:3}],c={toc:p};function d(e){let{components:n,...i}=e;return(0,o.kt)("wrapper",(0,a.Z)({},c,i,{components:n,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"generating-diffs-for-modified-gitrepos"},"Generating Diffs for Modified GitRepos"),(0,o.kt)("p",null,"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles."),(0,o.kt)("p",null,"You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the ",(0,o.kt)("inlineCode",{parentName:"p"},"Bundles")," section."),(0,o.kt)("p",null,"The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the ",(0,o.kt)("inlineCode",{parentName:"p"},"caBundle")," is empty and the CA cert is injected by the cluster."),(0,o.kt)("p",null,'This leads the status of the bundle and associated GitRepo to be reported as "Modified"'),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(9366).Z,width:"1191",height:"344"})),(0,o.kt)("p",null,"Associated Bundle\n",(0,o.kt)("img",{src:t(6368).Z,width:"1188",height:"420"})),(0,o.kt)("p",null,"Fleet bundles support the ability to specify a custom ",(0,o.kt)("a",{parentName:"p",href:"http://jsonpatch.com/"},"jsonPointer patch"),"."),(0,o.kt)("p",null,"With the patch, users can instruct fleet to ignore object modifications."),(0,o.kt)("p",null,"In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters."),(0,o.kt)("p",null,"The opa-gatekeeper bundle associated with the opa GitRepo is in modified state."),(0,o.kt)("p",null,"Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status."),(0,o.kt)("p",null,"In our case the differences detected are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' summary:\n desiredReady: 1\n modified: 1\n nonReadyResources:\n - bundleState: Modified\n modifiedStatus:\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n patch: \'{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n')),(0,o.kt)("p",null,"Based on this summary, there are three objects which need to be patched."),(0,o.kt)("p",null,"We will look at these one at a time."),(0,o.kt)("h3",{id:"1-validatingwebhookconfiguration"},"1. ValidatingWebhookConfiguration:"),(0,o.kt)("p",null,"The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec. "),(0,o.kt)("p",null,"In cases where more than one element in the field requires a patch, that patch will refer these to as ",(0,o.kt)("inlineCode",{parentName:"p"},"$setElementOrder/ELEMENTNAME")," "),(0,o.kt)("p",null,"From this information, we can see the two ValidatingWebhooks in question are:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' "$setElementOrder/webhooks": [\n {\n "name": "validation.gatekeeper.sh"\n },\n {\n "name": "check-ignore-label.gatekeeper.sh"\n }\n ],\n')),(0,o.kt)("p",null,"Within each ValidatingWebhook, the fields that need to be ignore are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "validation.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n "*"\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "*"\n ]\n }\n ]\n },\n')),(0,o.kt)("p",null," and "),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "check-ignore-label.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n ""\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "namespaces"\n ]\n }\n ]\n }\n')),(0,o.kt)("p",null,"In summary, we need to ignore the fields ",(0,o.kt)("inlineCode",{parentName:"p"},"rules")," and ",(0,o.kt)("inlineCode",{parentName:"p"},"clientConfig.caBundle")," in our patch specification."),(0,o.kt)("p",null,"The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values."),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(1418).Z,width:"1104",height:"837"})),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("h3",{id:"2-deployment-gatekeeper-controller-manager"},"2. Deployment gatekeeper-controller-manager:"),(0,o.kt)("p",null,"The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle)."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"3-deployment-gatekeeper-audit"},"3. Deployment gatekeeper-audit:"),(0,o.kt)("p",null,"The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"combining-it-all-together"},"Combining It All Together"),(0,o.kt)("p",null,"We can now combine all these patches as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("p",null,"We can add these now to the bundle directly to test and also commit the same to the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in your GitRepo."),(0,o.kt)("p",null,'Once these are added, the GitRepo should deploy and be in "Active" status.'))}d.isMDXComponent=!0},6368:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedBundle-636a094dc9a854e2cc752ad34fcadd60.png"},9366:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedGitRepo-17a5600892cf08e11388c8612131d81d.png"},1418:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/WebhookConfigurationSpec-0721d92eb5e5e87e815ad8fe32242bed.png"}}]); \ No newline at end of file diff --git a/assets/js/a9e7f6cd.df5e4c7f.js b/assets/js/a9e7f6cd.69954bfe.js similarity index 98% rename from assets/js/a9e7f6cd.df5e4c7f.js rename to assets/js/a9e7f6cd.69954bfe.js index 49bc33a5f..350570412 100644 --- a/assets/js/a9e7f6cd.df5e4c7f.js +++ b/assets/js/a9e7f6cd.69954bfe.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7169],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},f=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,i=e.originalType,s=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),f=c(n),d=a,m=f["".concat(s,".").concat(d)]||f[d]||p[d]||i;return n?r.createElement(m,l(l({ref:t},u),{},{components:n})):r.createElement(m,l({ref:t},u))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=n.length,l=new Array(i);l[0]=f;var o={};for(var s in t)hasOwnProperty.call(t,s)&&(o[s]=t[s]);o.originalType=e,o.mdxType="string"==typeof e?e:a,l[1]=o;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>l,default:()=>p,frontMatter:()=>i,metadata:()=>o,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const i={},l="Installation",o={unversionedId:"installation",id:"version-0.4/installation",title:"Installation",description:"The installation is broken up into two different use cases: Single and",source:"@site/versioned_docs/version-0.4/installation.md",sourceDirName:".",slug:"/installation",permalink:"/0.4/installation",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/installation.md",tags:[],version:"0.4",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Advanced Users",permalink:"/0.4/advanced-users"},next:{title:"Single Cluster Install",permalink:"/0.4/single-cluster-install"}},s={},c=[],u={toc:c};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"installation"},"Installation"),(0,a.kt)("p",null,"The installation is broken up into two different use cases: ",(0,a.kt)("a",{parentName:"p",href:"/0.4/single-cluster-install"},"Single")," and\n",(0,a.kt)("a",{parentName:"p",href:"/0.4/multi-cluster-install"},"Multi-Cluster")," install. The single cluster install is for if you wish to use GitOps to manage a single cluster,\nin which case you do not need a centralized manager cluster. In the multi-cluster use case\nyou will setup a centralized manager cluster to which you can register clusters."),(0,a.kt)("p",null,"If you are just learning Fleet the single cluster install is the recommended starting\npoint. After which you can move from single cluster to multi-cluster setup down the line."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7169],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},f=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,i=e.originalType,s=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),f=c(n),d=a,m=f["".concat(s,".").concat(d)]||f[d]||p[d]||i;return n?r.createElement(m,l(l({ref:t},u),{},{components:n})):r.createElement(m,l({ref:t},u))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=n.length,l=new Array(i);l[0]=f;var o={};for(var s in t)hasOwnProperty.call(t,s)&&(o[s]=t[s]);o.originalType=e,o.mdxType="string"==typeof e?e:a,l[1]=o;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>l,default:()=>p,frontMatter:()=>i,metadata:()=>o,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const i={},l="Installation",o={unversionedId:"installation",id:"version-0.4/installation",title:"Installation",description:"The installation is broken up into two different use cases: Single and",source:"@site/versioned_docs/version-0.4/installation.md",sourceDirName:".",slug:"/installation",permalink:"/0.4/installation",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/installation.md",tags:[],version:"0.4",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Advanced Users",permalink:"/0.4/advanced-users"},next:{title:"Single Cluster Install",permalink:"/0.4/single-cluster-install"}},s={},c=[],u={toc:c};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"installation"},"Installation"),(0,a.kt)("p",null,"The installation is broken up into two different use cases: ",(0,a.kt)("a",{parentName:"p",href:"/0.4/single-cluster-install"},"Single")," and\n",(0,a.kt)("a",{parentName:"p",href:"/0.4/multi-cluster-install"},"Multi-Cluster")," install. The single cluster install is for if you wish to use GitOps to manage a single cluster,\nin which case you do not need a centralized manager cluster. In the multi-cluster use case\nyou will setup a centralized manager cluster to which you can register clusters."),(0,a.kt)("p",null,"If you are just learning Fleet the single cluster install is the recommended starting\npoint. After which you can move from single cluster to multi-cluster setup down the line."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/aba71817.e82bc030.js b/assets/js/aba71817.d30b293f.js similarity index 96% rename from assets/js/aba71817.e82bc030.js rename to assets/js/aba71817.d30b293f.js index f7fb69e01..d4379f1da 100644 --- a/assets/js/aba71817.e82bc030.js +++ b/assets/js/aba71817.d30b293f.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8813],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>f});var n=r(7294);function o(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function a(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function l(e){for(var t=1;t=0||(o[r]=e[r]);return o}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(o[r]=e[r])}return o}var i=n.createContext({}),c=function(e){var t=n.useContext(i),r=t;return e&&(r="function"==typeof e?e(t):l(l({},t),e)),r},u=function(e){var t=c(e.components);return n.createElement(i.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},p=n.forwardRef((function(e,t){var r=e.components,o=e.mdxType,a=e.originalType,i=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),p=c(r),f=o,g=p["".concat(i,".").concat(f)]||p[f]||d[f]||a;return r?n.createElement(g,l(l({ref:t},u),{},{components:r})):n.createElement(g,l({ref:t},u))}));function f(e,t){var r=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var a=r.length,l=new Array(a);l[0]=p;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:o,l[1]=s;for(var c=2;c{r.r(t),r.d(t,{assets:()=>i,contentTitle:()=>l,default:()=>d,frontMatter:()=>a,metadata:()=>s,toc:()=>c});var n=r(7462),o=(r(7294),r(3905));const a={},l="Bundle Rendering Stages",s={unversionedId:"ref-bundle-stages",id:"ref-bundle-stages",title:"Bundle Rendering Stages",description:"The different stages a bundle goes through until deployed.",source:"@site/docs/ref-bundle-stages.md",sourceDirName:".",slug:"/ref-bundle-stages",permalink:"/ref-bundle-stages",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-bundle-stages.md",tags:[],version:"current",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"fleet.yaml",permalink:"/ref-fleet-yaml"},next:{title:"Components",permalink:"/ref-components"}},i={},c=[],u={toc:c};function d(e){let{components:t,...a}=e;return(0,o.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"bundle-rendering-stages"},"Bundle Rendering Stages"),(0,o.kt)("p",null,"The different stages a bundle goes through until deployed."),(0,o.kt)("p",null,(0,o.kt)("img",{alt:"Bundle Stages",src:r(5208).Z,width:"711",height:"803"})))}d.isMDXComponent=!0},5208:(e,t,r)=>{r.d(t,{Z:()=>n});const n=r.p+"assets/images/FleetBundleStages-266005b85e14d0b48d2e1067b8641f83.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8813],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>f});var n=r(7294);function o(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function a(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function l(e){for(var t=1;t=0||(o[r]=e[r]);return o}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(o[r]=e[r])}return o}var i=n.createContext({}),c=function(e){var t=n.useContext(i),r=t;return e&&(r="function"==typeof e?e(t):l(l({},t),e)),r},u=function(e){var t=c(e.components);return n.createElement(i.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},p=n.forwardRef((function(e,t){var r=e.components,o=e.mdxType,a=e.originalType,i=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),p=c(r),f=o,g=p["".concat(i,".").concat(f)]||p[f]||d[f]||a;return r?n.createElement(g,l(l({ref:t},u),{},{components:r})):n.createElement(g,l({ref:t},u))}));function f(e,t){var r=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var a=r.length,l=new Array(a);l[0]=p;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:o,l[1]=s;for(var c=2;c{r.r(t),r.d(t,{assets:()=>i,contentTitle:()=>l,default:()=>d,frontMatter:()=>a,metadata:()=>s,toc:()=>c});var n=r(7462),o=(r(7294),r(3905));const a={},l="Bundle Rendering Stages",s={unversionedId:"ref-bundle-stages",id:"ref-bundle-stages",title:"Bundle Rendering Stages",description:"The different stages a bundle goes through until deployed.",source:"@site/docs/ref-bundle-stages.md",sourceDirName:".",slug:"/ref-bundle-stages",permalink:"/ref-bundle-stages",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-bundle-stages.md",tags:[],version:"current",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"fleet.yaml",permalink:"/ref-fleet-yaml"},next:{title:"Components",permalink:"/ref-components"}},i={},c=[],u={toc:c};function d(e){let{components:t,...a}=e;return(0,o.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"bundle-rendering-stages"},"Bundle Rendering Stages"),(0,o.kt)("p",null,"The different stages a bundle goes through until deployed."),(0,o.kt)("p",null,(0,o.kt)("img",{alt:"Bundle Stages",src:r(5208).Z,width:"711",height:"803"})))}d.isMDXComponent=!0},5208:(e,t,r)=>{r.d(t,{Z:()=>n});const n=r.p+"assets/images/FleetBundleStages-266005b85e14d0b48d2e1067b8641f83.svg"}}]); \ No newline at end of file diff --git a/assets/js/abaf23c8.98b96c52.js b/assets/js/abaf23c8.98b96c52.js new file mode 100644 index 000000000..0a16d789a --- /dev/null +++ b/assets/js/abaf23c8.98b96c52.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3862],{6828:(e,t,n)=>{n.d(t,{d:()=>l});const l={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.2/fleet-0.5.2.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.2/fleet-agent-0.5.2.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.2/fleet-crd-0.5.2.tgz"},next:{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0-rc.4/fleet-0.6.0-rc.4.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0-rc.4/fleet-agent-0.6.0-rc.4.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0-rc.4/fleet-crd-0.6.0-rc.4.tgz"}}},3151:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>u,contentTitle:()=>o,default:()=>m,frontMatter:()=>i,metadata:()=>c,toc:()=>p});var l=n(7462),a=(n(7294),n(3905)),r=n(6828),s=n(814);const i={},o="Multi Cluster Install",c={unversionedId:"multi-cluster-install",id:"multi-cluster-install",title:"Multi Cluster Install",description:"Note: Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under Continuous Delivery on Rancher.",source:"@site/docs/multi-cluster-install.md",sourceDirName:".",slug:"/multi-cluster-install",permalink:"/multi-cluster-install",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/multi-cluster-install.md",tags:[],version:"current",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Single Cluster Install",permalink:"/single-cluster-install"},next:{title:"Uninstall",permalink:"/uninstall"}},u={},p=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Helm 3",id:"helm-3",level:3},{value:"Kubernetes",id:"kubernetes",level:3},{value:"API Server URL and CA certificate",id:"api-server-url-and-ca-certificate",level:2},{value:"Install",id:"install",level:2}],d={toc:p};function m(e){let{components:t,...i}=e;return(0,a.kt)("wrapper",(0,l.Z)({},d,i,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"multi-cluster-install"},"Multi Cluster Install"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Note:")," Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under ",(0,a.kt)("inlineCode",{parentName:"p"},"Continuous Delivery")," on Rancher."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Warning:")," The multi-cluster install described below is ",(0,a.kt)("strong",{parentName:"p"},"only")," covered in standalone Fleet, which is untested by Rancher QA. "),(0,a.kt)("p",null,"In the below use case, you will setup a centralized Fleet manager. The centralized Fleet manager is a\nKubernetes cluster running the Fleet controllers. After installing the Fleet manager, you will then\nneed to register remote downstream clusters with the Fleet manager."),(0,a.kt)("h2",{id:"prerequisites"},"Prerequisites"),(0,a.kt)("h3",{id:"helm-3"},"Helm 3"),(0,a.kt)("p",null,"Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is\nfairly straight forward. To install the Helm 3 CLI follow the\n",(0,a.kt)("a",{parentName:"p",href:"https://helm.sh/docs/intro/install/"},"official install instructions"),". The TL;DR is"),(0,a.kt)("p",null,"macOS"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,a.kt)("p",null,"Windows"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"choco install kubernetes-helm\n")),(0,a.kt)("h3",{id:"kubernetes"},"Kubernetes"),(0,a.kt)("p",null,"The Fleet manager is a controller running on a Kubernetes cluster so an existing cluster is required. All\ndownstream cluster that will be managed will need to communicate to this central Kubernetes cluster. This\nmeans the Kubernetes API server URL must be accessible to the downstream clusters. Any Kubernetes community\nsupported version of Kubernetes will work, in practice this means 1.15 or greater."),(0,a.kt)("h2",{id:"api-server-url-and-ca-certificate"},"API Server URL and CA certificate"),(0,a.kt)("p",null,"In order for your Fleet management installation to properly work it is important\nthe correct API server URL and CA certificates are configured properly. The Fleet agents\nwill communicate to the Kubernetes API server URL. This means the Kubernetes\nAPI server must be accessible to the downstream clusters. You will also need\nto obtain the CA certificate of the API server. The easiest way to obtain this information\nis typically from your kubeconfig file (",(0,a.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config"),"). The ",(0,a.kt)("inlineCode",{parentName:"p"},"server"),",\n",(0,a.kt)("inlineCode",{parentName:"p"},"certificate-authority-data"),", or ",(0,a.kt)("inlineCode",{parentName:"p"},"certificate-authority")," fields will have these values."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nclusters:\n- cluster:\n certificate-authority-data: LS0tLS1CRUdJTi...\n server: https://example.com:6443\n")),(0,a.kt)("p",null,"Please note that the ",(0,a.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," field is base64 encoded and will need to be\ndecoded before you save it into a file. This can be done by saving the base64 encoded contents to\na file and then running"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"base64 -d encoded-file > ca.pem\n")),(0,a.kt)("p",null,"If you have ",(0,a.kt)("inlineCode",{parentName:"p"},"jq")," and ",(0,a.kt)("inlineCode",{parentName:"p"},"base64")," available then this one-liners will pull all CA certificates from your\n",(0,a.kt)("inlineCode",{parentName:"p"},"KUBECONFIG")," and place then in a file named ",(0,a.kt)("inlineCode",{parentName:"p"},"ca.pem"),"."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl config view -o json --raw | jq -r '.clusters[].cluster[\"certificate-authority-data\"]' | base64 -d > ca.pem\n")),(0,a.kt)("p",null,"If you have a multi-cluster setup, you can use this command:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nkubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTERNAME").cluster["certificate-authority-data"]\' | base64 -d > ca.pem\n')),(0,a.kt)("h2",{id:"install"},"Install"),(0,a.kt)("p",null,"In the following example it will be assumed the API server URL from the ",(0,a.kt)("inlineCode",{parentName:"p"},"KUBECONFIG")," which is ",(0,a.kt)("inlineCode",{parentName:"p"},"https://example.com:6443"),"\nand the CA certificate is in the file ",(0,a.kt)("inlineCode",{parentName:"p"},"ca.pem"),". If your API server URL is signed by a well-known CA you can\nomit the ",(0,a.kt)("inlineCode",{parentName:"p"},"apiServerCA")," parameter below or just create an empty ",(0,a.kt)("inlineCode",{parentName:"p"},"ca.pem")," file (ie ",(0,a.kt)("inlineCode",{parentName:"p"},"touch ca.pem"),")."),(0,a.kt)("p",null,"Run the following commands"),(0,a.kt)("p",null,"Setup the environment with your specific values."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},'API_SERVER_URL="https://example.com:6443"\nAPI_SERVER_CA="ca.pem"\n')),(0,a.kt)("p",null,"If you have a multi-cluster setup, you can use this command:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nAPI_SERVER_URL=$(kubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTER").cluster["server"]\')\n# Leave empty if your API server is signed by a well known CA\nAPI_SERVER_CA="ca.pem"\n')),(0,a.kt)("p",null,"First validate the server URL is correct."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"curl -fLk ${API_SERVER_URL}/version\n")),(0,a.kt)("p",null,"The output of this command should be JSON with the version of the Kubernetes server or a ",(0,a.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," error.\nIf you do not get either of these results than please ensure you have the correct URL. The API server port is typically\n6443 for Kubernetes."),(0,a.kt)("p",null,"Next validate that the CA certificate is proper by running the below command. If your API server is signed by a\nwell known CA then omit the ",(0,a.kt)("inlineCode",{parentName:"p"},"--cacert ${API_SERVER_CA}")," part of the command."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"curl -fL --cacert ${API_SERVER_CA} ${API_SERVER_URL}/version\n")),(0,a.kt)("p",null,"If you get a valid JSON response or an ",(0,a.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," then it worked. The Unauthorized error is\nonly because the curl command is not setting proper credentials, but this validates that the TLS\nconnection work and the ",(0,a.kt)("inlineCode",{parentName:"p"},"ca.pem")," is correct for this URL. If you get a ",(0,a.kt)("inlineCode",{parentName:"p"},"SSL certificate problem")," then\nthe ",(0,a.kt)("inlineCode",{parentName:"p"},"ca.pem")," is not correct. The contents of the ",(0,a.kt)("inlineCode",{parentName:"p"},"${API_SERVER_CA}")," file should look similar to the below"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"-----BEGIN CERTIFICATE-----\nMIIBVjCB/qADAgECAgEAMAoGCCqGSM49BAMCMCMxITAfBgNVBAMMGGszcy1zZXJ2\nZXItY2FAMTU5ODM5MDQ0NzAeFw0yMDA4MjUyMTIwNDdaFw0zMDA4MjMyMTIwNDda\nMCMxITAfBgNVBAMMGGszcy1zZXJ2ZXItY2FAMTU5ODM5MDQ0NzBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDXlQNkXnwUPdbSgGz5Rk6U9ldGFjF6y1YyF36cNGk4E\n0lMgNcVVD9gKuUSXEJk8tzHz3ra/+yTwSL5xQeLHBl+jIzAhMA4GA1UdDwEB/wQE\nAwICpDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIFMtZ5gGDoDs\nciRyve+T4xbRNVHES39tjjup/LuN4tAgAiAteeB3jgpTMpZyZcOOHl9gpZ8PgEcN\nKDs/pb3fnMTtpA==\n-----END CERTIFICATE-----\n")),(0,a.kt)("p",null,"Once you have validated the API server URL and API server CA parameters, install the following two\nHelm charts."),(0,a.kt)("p",null,"First install the Fleet CustomResourcesDefintions."),(0,a.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",r.d.next.fleetCRD),(0,a.kt)("p",null,"Second install the Fleet controllers."),(0,a.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set apiServerURL="${API_SERVER_URL}" \\\n --set-file apiServerCA="${API_SERVER_CA}" \\\n fleet'," ",r.d.next.fleet),(0,a.kt)("p",null,"Fleet should be ready to use. You can check the status of the Fleet controller pods by running the below commands."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,a.kt)("p",null,"At this point the Fleet manager should be ready. You can now ",(0,a.kt)("a",{parentName:"p",href:"/cluster-overview"},"register clusters")," and ",(0,a.kt)("a",{parentName:"p",href:"/gitrepo-add"},"git repos")," with\nthe Fleet manager."))}m.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>l});const l=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file diff --git a/assets/js/abaf23c8.c08e0626.js b/assets/js/abaf23c8.c08e0626.js deleted file mode 100644 index f69ce9dec..000000000 --- a/assets/js/abaf23c8.c08e0626.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3862],{6828:(e,t,n)=>{n.d(t,{d:()=>l});const l={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.0/fleet-0.5.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.0/fleet-agent-0.5.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.0/fleet-crd-0.5.0.tgz"},next:{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0-alpha2/fleet-0.6.0-alpha2.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0-alpha2/fleet-agent-0.6.0-alpha2.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0-alpha2/fleet-crd-0.6.0-alpha2.tgz"}}},3151:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>u,contentTitle:()=>o,default:()=>h,frontMatter:()=>i,metadata:()=>c,toc:()=>p});var l=n(7462),a=(n(7294),n(3905)),r=n(6828),s=n(814);const i={},o="Multi Cluster Install",c={unversionedId:"multi-cluster-install",id:"multi-cluster-install",title:"Multi Cluster Install",description:"Note: Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under Continuous Delivery on Rancher.",source:"@site/docs/multi-cluster-install.md",sourceDirName:".",slug:"/multi-cluster-install",permalink:"/multi-cluster-install",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/multi-cluster-install.md",tags:[],version:"current",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Single Cluster Install",permalink:"/single-cluster-install"},next:{title:"Uninstall",permalink:"/uninstall"}},u={},p=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Helm 3",id:"helm-3",level:3},{value:"Kubernetes",id:"kubernetes",level:3},{value:"API Server URL and CA certificate",id:"api-server-url-and-ca-certificate",level:2},{value:"Install",id:"install",level:2}],d={toc:p};function h(e){let{components:t,...i}=e;return(0,a.kt)("wrapper",(0,l.Z)({},d,i,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"multi-cluster-install"},"Multi Cluster Install"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Note:")," Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under ",(0,a.kt)("inlineCode",{parentName:"p"},"Continuous Delivery")," on Rancher."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Warning:")," The multi-cluster install described below is ",(0,a.kt)("strong",{parentName:"p"},"only")," covered in standalone Fleet, which is untested by Rancher QA. "),(0,a.kt)("p",null,"In the below use case, you will setup a centralized Fleet manager. The centralized Fleet manager is a\nKubernetes cluster running the Fleet controllers. After installing the Fleet manager, you will then\nneed to register remote downstream clusters with the Fleet manager."),(0,a.kt)("h2",{id:"prerequisites"},"Prerequisites"),(0,a.kt)("h3",{id:"helm-3"},"Helm 3"),(0,a.kt)("p",null,"Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is\nfairly straight forward. To install the Helm 3 CLI follow the\n",(0,a.kt)("a",{parentName:"p",href:"https://helm.sh/docs/intro/install/"},"official install instructions"),". The TL;DR is"),(0,a.kt)("p",null,"macOS"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,a.kt)("p",null,"Windows"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"choco install kubernetes-helm\n")),(0,a.kt)("h3",{id:"kubernetes"},"Kubernetes"),(0,a.kt)("p",null,"The Fleet manager is a controller running on a Kubernetes cluster so an existing cluster is required. All\ndownstream cluster that will be managed will need to communicate to this central Kubernetes cluster. This\nmeans the Kubernetes API server URL must be accessible to the downstream clusters. Any Kubernetes community\nsupported version of Kubernetes will work, in practice this means 1.15 or greater."),(0,a.kt)("h2",{id:"api-server-url-and-ca-certificate"},"API Server URL and CA certificate"),(0,a.kt)("p",null,"In order for your Fleet management installation to properly work it is important\nthe correct API server URL and CA certificates are configured properly. The Fleet agents\nwill communicate to the Kubernetes API server URL. This means the Kubernetes\nAPI server must be accessible to the downstream clusters. You will also need\nto obtain the CA certificate of the API server. The easiest way to obtain this information\nis typically from your kubeconfig file (",(0,a.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config"),"). The ",(0,a.kt)("inlineCode",{parentName:"p"},"server"),",\n",(0,a.kt)("inlineCode",{parentName:"p"},"certificate-authority-data"),", or ",(0,a.kt)("inlineCode",{parentName:"p"},"certificate-authority")," fields will have these values."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nclusters:\n- cluster:\n certificate-authority-data: LS0tLS1CRUdJTi...\n server: https://example.com:6443\n")),(0,a.kt)("p",null,"Please note that the ",(0,a.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," field is base64 encoded and will need to be\ndecoded before you save it into a file. This can be done by saving the base64 encoded contents to\na file and then running"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"base64 -d encoded-file > ca.pem\n")),(0,a.kt)("p",null,"If you have ",(0,a.kt)("inlineCode",{parentName:"p"},"jq")," and ",(0,a.kt)("inlineCode",{parentName:"p"},"base64")," available then this one-liners will pull all CA certificates from your\n",(0,a.kt)("inlineCode",{parentName:"p"},"KUBECONFIG")," and place then in a file named ",(0,a.kt)("inlineCode",{parentName:"p"},"ca.pem"),"."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl config view -o json --raw | jq -r '.clusters[].cluster[\"certificate-authority-data\"]' | base64 -d > ca.pem\n")),(0,a.kt)("p",null,"If you have a multi-cluster setup, you can use this command:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nkubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTERNAME").cluster["certificate-authority-data"]\' | base64 -d > ca.pem\n')),(0,a.kt)("h2",{id:"install"},"Install"),(0,a.kt)("p",null,"In the following example it will be assumed the API server URL from the ",(0,a.kt)("inlineCode",{parentName:"p"},"KUBECONFIG")," which is ",(0,a.kt)("inlineCode",{parentName:"p"},"https://example.com:6443"),"\nand the CA certificate is in the file ",(0,a.kt)("inlineCode",{parentName:"p"},"ca.pem"),". If your API server URL is signed by a well-known CA you can\nomit the ",(0,a.kt)("inlineCode",{parentName:"p"},"apiServerCA")," parameter below or just create an empty ",(0,a.kt)("inlineCode",{parentName:"p"},"ca.pem")," file (ie ",(0,a.kt)("inlineCode",{parentName:"p"},"touch ca.pem"),")."),(0,a.kt)("p",null,"Run the following commands"),(0,a.kt)("p",null,"Setup the environment with your specific values."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},'API_SERVER_URL="https://example.com:6443"\nAPI_SERVER_CA="ca.pem"\n')),(0,a.kt)("p",null,"If you have a multi-cluster setup, you can use this command:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nAPI_SERVER_URL=$(kubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTER").cluster["server"]\')\n# Leave empty if your API server is signed by a well known CA\nAPI_SERVER_CA="ca.pem"\n')),(0,a.kt)("p",null,"First validate the server URL is correct."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"curl -fLk ${API_SERVER_URL}/version\n")),(0,a.kt)("p",null,"The output of this command should be JSON with the version of the Kubernetes server or a ",(0,a.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," error.\nIf you do not get either of these results than please ensure you have the correct URL. The API server port is typically\n6443 for Kubernetes."),(0,a.kt)("p",null,"Next validate that the CA certificate is proper by running the below command. If your API server is signed by a\nwell known CA then omit the ",(0,a.kt)("inlineCode",{parentName:"p"},"--cacert ${API_SERVER_CA}")," part of the command."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"curl -fL --cacert ${API_SERVER_CA} ${API_SERVER_URL}/version\n")),(0,a.kt)("p",null,"If you get a valid JSON response or an ",(0,a.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," then it worked. The Unauthorized error is\nonly because the curl command is not setting proper credentials, but this validates that the TLS\nconnection work and the ",(0,a.kt)("inlineCode",{parentName:"p"},"ca.pem")," is correct for this URL. If you get a ",(0,a.kt)("inlineCode",{parentName:"p"},"SSL certificate problem")," then\nthe ",(0,a.kt)("inlineCode",{parentName:"p"},"ca.pem")," is not correct. The contents of the ",(0,a.kt)("inlineCode",{parentName:"p"},"${API_SERVER_CA}")," file should look similar to the below"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"-----BEGIN CERTIFICATE-----\nMIIBVjCB/qADAgECAgEAMAoGCCqGSM49BAMCMCMxITAfBgNVBAMMGGszcy1zZXJ2\nZXItY2FAMTU5ODM5MDQ0NzAeFw0yMDA4MjUyMTIwNDdaFw0zMDA4MjMyMTIwNDda\nMCMxITAfBgNVBAMMGGszcy1zZXJ2ZXItY2FAMTU5ODM5MDQ0NzBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDXlQNkXnwUPdbSgGz5Rk6U9ldGFjF6y1YyF36cNGk4E\n0lMgNcVVD9gKuUSXEJk8tzHz3ra/+yTwSL5xQeLHBl+jIzAhMA4GA1UdDwEB/wQE\nAwICpDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIFMtZ5gGDoDs\nciRyve+T4xbRNVHES39tjjup/LuN4tAgAiAteeB3jgpTMpZyZcOOHl9gpZ8PgEcN\nKDs/pb3fnMTtpA==\n-----END CERTIFICATE-----\n")),(0,a.kt)("p",null,"Once you have validated the API server URL and API server CA parameters, install the following two\nHelm charts."),(0,a.kt)("p",null,"First install the Fleet CustomResourcesDefintions."),(0,a.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",r.d.next.fleetCRD),(0,a.kt)("p",null,"Second install the Fleet controllers."),(0,a.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set apiServerURL="${API_SERVER_URL}" \\\n --set-file apiServerCA="${API_SERVER_CA}" \\\n fleet'," ",r.d.next.fleet),(0,a.kt)("p",null,"Fleet should be ready to use. You can check the status of the Fleet controller pods by running the below commands."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,a.kt)("p",null,"At this point the Fleet manager should be ready. You can now ",(0,a.kt)("a",{parentName:"p",href:"/cluster-overview"},"register clusters")," and ",(0,a.kt)("a",{parentName:"p",href:"/gitrepo-add"},"git repos")," with\nthe Fleet manager."))}h.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>l});const l=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file diff --git a/assets/js/af10d9fb.c6bbbb1a.js b/assets/js/af10d9fb.027616f3.js similarity index 98% rename from assets/js/af10d9fb.c6bbbb1a.js rename to assets/js/af10d9fb.027616f3.js index f7c093fec..03ec534ea 100644 --- a/assets/js/af10d9fb.c6bbbb1a.js +++ b/assets/js/af10d9fb.027616f3.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3632],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},f={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=c(n),d=l,m=u["".concat(s,".").concat(d)]||u[d]||f[d]||a;return n?r.createElement(m,o(o({ref:t},p),{},{components:n})):r.createElement(m,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>f,frontMatter:()=>a,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const a={title:"",sidebar_label:"fleet apply"},o=void 0,i={unversionedId:"cli/fleet-cli/fleet_apply",id:"cli/fleet-cli/fleet_apply",title:"",description:"fleet apply",source:"@site/docs/cli/fleet-cli/fleet_apply.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet_apply",permalink:"/cli/fleet-cli/fleet_apply",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cli/fleet-cli/fleet_apply.md",tags:[],version:"current",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{title:"",sidebar_label:"fleet apply"},sidebar:"docs",previous:{title:"fleet",permalink:"/cli/fleet-cli/fleet"},next:{title:"fleet test",permalink:"/cli/fleet-cli/fleet_test"}},s={},c=[{value:"fleet apply",id:"fleet-apply",level:2},{value:"Options",id:"options",level:3},{value:"Options inherited from parent commands",id:"options-inherited-from-parent-commands",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:c};function f(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-apply"},"fleet apply"),(0,l.kt)("p",null,"Render a bundle into a Kubernetes resource and apply it in the Fleet Manager"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet apply [flags] BUNDLE_NAME PATH...\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"}," -b, --bundle-file string Location of the raw Bundle resource yaml\n --cacerts-file string Path of custom cacerts for helm repo\n --commit string Commit to assign to the bundle\n -c, --compress Force all resources to be compress\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -f, --file string Location of the fleet.yaml\n -h, --help help for apply\n -l, --label strings Labels to apply to created bundles\n -o, --output string Output contents to file or - for stdout\n --password-file string Path of file containing basic auth password for helm repo\n --paused Create bundles in a paused state\n -a, --service-account string Service account to assign to bundle created\n --ssh-privatekey-file string Path of ssh-private-key for helm repo\n --sync-generation int Generation number used to force sync the deployment\n --target-namespace string Ensure this bundle goes to this target namespace\n --targets-file string Addition source of targets and restrictions to be append\n --username string Basic auth username for helm repo\n")),(0,l.kt)("h3",{id:"options-inherited-from-parent-commands"},"Options inherited from parent commands"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet"},"fleet"),"\t -")))}f.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3632],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},f={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=c(n),d=l,m=u["".concat(s,".").concat(d)]||u[d]||f[d]||a;return n?r.createElement(m,o(o({ref:t},p),{},{components:n})):r.createElement(m,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>f,frontMatter:()=>a,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const a={title:"",sidebar_label:"fleet apply"},o=void 0,i={unversionedId:"cli/fleet-cli/fleet_apply",id:"cli/fleet-cli/fleet_apply",title:"",description:"fleet apply",source:"@site/docs/cli/fleet-cli/fleet_apply.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet_apply",permalink:"/cli/fleet-cli/fleet_apply",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cli/fleet-cli/fleet_apply.md",tags:[],version:"current",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{title:"",sidebar_label:"fleet apply"},sidebar:"docs",previous:{title:"fleet",permalink:"/cli/fleet-cli/fleet"},next:{title:"fleet test",permalink:"/cli/fleet-cli/fleet_test"}},s={},c=[{value:"fleet apply",id:"fleet-apply",level:2},{value:"Options",id:"options",level:3},{value:"Options inherited from parent commands",id:"options-inherited-from-parent-commands",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:c};function f(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-apply"},"fleet apply"),(0,l.kt)("p",null,"Render a bundle into a Kubernetes resource and apply it in the Fleet Manager"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet apply [flags] BUNDLE_NAME PATH...\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"}," -b, --bundle-file string Location of the raw Bundle resource yaml\n --cacerts-file string Path of custom cacerts for helm repo\n --commit string Commit to assign to the bundle\n -c, --compress Force all resources to be compress\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -f, --file string Location of the fleet.yaml\n -h, --help help for apply\n -l, --label strings Labels to apply to created bundles\n -o, --output string Output contents to file or - for stdout\n --password-file string Path of file containing basic auth password for helm repo\n --paused Create bundles in a paused state\n -a, --service-account string Service account to assign to bundle created\n --ssh-privatekey-file string Path of ssh-private-key for helm repo\n --sync-generation int Generation number used to force sync the deployment\n --target-namespace string Ensure this bundle goes to this target namespace\n --targets-file string Addition source of targets and restrictions to be append\n --username string Basic auth username for helm repo\n")),(0,l.kt)("h3",{id:"options-inherited-from-parent-commands"},"Options inherited from parent commands"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet"},"fleet"),"\t -")))}f.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/af48bdba.12613d81.js b/assets/js/af48bdba.1eb7f149.js similarity index 97% rename from assets/js/af48bdba.12613d81.js rename to assets/js/af48bdba.1eb7f149.js index de805eeca..fd78de358 100644 --- a/assets/js/af48bdba.12613d81.js +++ b/assets/js/af48bdba.1eb7f149.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[964],{3905:(e,t,n)=>{n.d(t,{Zo:()=>i,kt:()=>f});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var u=r.createContext({}),d=function(e){var t=r.useContext(u),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},i=function(e){var t=d(e.components);return r.createElement(u.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},c=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,u=e.parentName,i=o(e,["components","mdxType","originalType","parentName"]),c=d(n),f=a,m=c["".concat(u,".").concat(f)]||c[f]||p[f]||l;return n?r.createElement(m,s(s({ref:t},i),{},{components:n})):r.createElement(m,s({ref:t},i))}));function f(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,s=new Array(l);s[0]=c;var o={};for(var u in t)hasOwnProperty.call(t,u)&&(o[u]=t[u]);o.originalType=e,o.mdxType="string"==typeof e?e:a,s[1]=o;for(var d=2;d{n.r(t),n.d(t,{assets:()=>u,contentTitle:()=>s,default:()=>p,frontMatter:()=>l,metadata:()=>o,toc:()=>d});var r=n(7462),a=(n(7294),n(3905));const l={},s="Cluster and Bundle state",o={unversionedId:"cluster-bundles-state",id:"version-0.5/cluster-bundles-state",title:"Cluster and Bundle state",description:"Clusters and Bundles have different states in each phase of applying Bundles.",source:"@site/versioned_docs/version-0.5/cluster-bundles-state.md",sourceDirName:".",slug:"/cluster-bundles-state",permalink:"/0.5/cluster-bundles-state",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/cluster-bundles-state.md",tags:[],version:"0.5",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Image scan",permalink:"/0.5/imagescan"},next:{title:"Troubleshooting",permalink:"/0.5/troubleshooting"}},u={},d=[{value:"Bundles",id:"bundles",level:2},{value:"Clusters",id:"clusters",level:2}],i={toc:d};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},i,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-and-bundle-state"},"Cluster and Bundle state"),(0,a.kt)("p",null,"Clusters and Bundles have different states in each phase of applying Bundles."),(0,a.kt)("h2",{id:"bundles"},"Bundles"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles have been deployed and all resources are ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": Bundles have been deployed and some resources are not ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": Bundles are being processed by Fleet controller."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository."),(0,a.kt)("h2",{id:"clusters"},"Clusters"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn"),": Waiting for agent to report registration information and cluster status back."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": There are bundles in this cluster that are in NotReady state. "),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": There are bundles in this cluster that are in WaitApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": There are bundles in this cluster that are in ErrApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": There are bundles in this cluster that are in OutOfSync state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": There are bundles in this cluster that are in Pending state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": There are bundles in this cluster that are in Modified state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles in this cluster have been deployed and all resources are ready."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[964],{3905:(e,t,n)=>{n.d(t,{Zo:()=>i,kt:()=>f});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var u=r.createContext({}),d=function(e){var t=r.useContext(u),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},i=function(e){var t=d(e.components);return r.createElement(u.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},c=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,u=e.parentName,i=o(e,["components","mdxType","originalType","parentName"]),c=d(n),f=a,m=c["".concat(u,".").concat(f)]||c[f]||p[f]||l;return n?r.createElement(m,s(s({ref:t},i),{},{components:n})):r.createElement(m,s({ref:t},i))}));function f(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,s=new Array(l);s[0]=c;var o={};for(var u in t)hasOwnProperty.call(t,u)&&(o[u]=t[u]);o.originalType=e,o.mdxType="string"==typeof e?e:a,s[1]=o;for(var d=2;d{n.r(t),n.d(t,{assets:()=>u,contentTitle:()=>s,default:()=>p,frontMatter:()=>l,metadata:()=>o,toc:()=>d});var r=n(7462),a=(n(7294),n(3905));const l={},s="Cluster and Bundle state",o={unversionedId:"cluster-bundles-state",id:"version-0.5/cluster-bundles-state",title:"Cluster and Bundle state",description:"Clusters and Bundles have different states in each phase of applying Bundles.",source:"@site/versioned_docs/version-0.5/cluster-bundles-state.md",sourceDirName:".",slug:"/cluster-bundles-state",permalink:"/0.5/cluster-bundles-state",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/cluster-bundles-state.md",tags:[],version:"0.5",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Image scan",permalink:"/0.5/imagescan"},next:{title:"Troubleshooting",permalink:"/0.5/troubleshooting"}},u={},d=[{value:"Bundles",id:"bundles",level:2},{value:"Clusters",id:"clusters",level:2}],i={toc:d};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},i,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-and-bundle-state"},"Cluster and Bundle state"),(0,a.kt)("p",null,"Clusters and Bundles have different states in each phase of applying Bundles."),(0,a.kt)("h2",{id:"bundles"},"Bundles"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles have been deployed and all resources are ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": Bundles have been deployed and some resources are not ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": Bundles are being processed by Fleet controller."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository."),(0,a.kt)("h2",{id:"clusters"},"Clusters"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn"),": Waiting for agent to report registration information and cluster status back."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": There are bundles in this cluster that are in NotReady state. "),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": There are bundles in this cluster that are in WaitApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": There are bundles in this cluster that are in ErrApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": There are bundles in this cluster that are in OutOfSync state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": There are bundles in this cluster that are in Pending state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": There are bundles in this cluster that are in Modified state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles in this cluster have been deployed and all resources are ready."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/b2456c44.e8666273.js b/assets/js/b2456c44.0f8fe90a.js similarity index 97% rename from assets/js/b2456c44.e8666273.js rename to assets/js/b2456c44.0f8fe90a.js index 49d1be0bc..4aed197dd 100644 --- a/assets/js/b2456c44.e8666273.js +++ b/assets/js/b2456c44.0f8fe90a.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1760],{3905:(e,t,r)=>{r.d(t,{Zo:()=>f,kt:()=>d});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function o(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function l(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var c=n.createContext({}),p=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):l(l({},t),e)),r},f=function(e){var t=p(e.components);return n.createElement(c.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},s=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,o=e.originalType,c=e.parentName,f=i(e,["components","mdxType","originalType","parentName"]),s=p(r),d=a,m=s["".concat(c,".").concat(d)]||s[d]||u[d]||o;return r?n.createElement(m,l(l({ref:t},f),{},{components:r})):n.createElement(m,l({ref:t},f))}));function d(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=r.length,l=new Array(o);l[0]=s;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:a,l[1]=i;for(var p=2;p{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>l,default:()=>u,frontMatter:()=>o,metadata:()=>i,toc:()=>p});var n=r(7462),a=(r(7294),r(3905));const o={},l="fleet.yaml",i={unversionedId:"ref-fleet-yaml",id:"ref-fleet-yaml",title:"fleet.yaml",description:"The fleet.yaml file adds options to a bundle. Any directory with a fleet.yaml is automatically turned into bundle.",source:"@site/docs/ref-fleet-yaml.md",sourceDirName:".",slug:"/ref-fleet-yaml",permalink:"/ref-fleet-yaml",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-fleet-yaml.md",tags:[],version:"current",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"GitRepo CRD",permalink:"/ref-crd-gitrepo"},next:{title:"Bundle Rendering Stages",permalink:"/ref-bundle-stages"}},c={},p=[],f={toc:p};function u(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},f,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"fleetyaml"},"fleet.yaml"),(0,a.kt)("p",null,"The ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file adds options to a bundle. Any directory with a ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is automatically turned into bundle."),(0,a.kt)("p",null,"A full reference with explanations can be found in ",(0,a.kt)("a",{parentName:"p",href:"/gitrepo-structure#fleetyaml"},"Expected Repo Structure"),"."),(0,a.kt)("p",null,"The content of the fleet.yaml corresponds to ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet/blob/master/pkg/bundlereader/read.go#L129-L135"},"https://github.com/rancher/fleet/blob/master/pkg/bundlereader/read.go#L129-L135"),", which contains the ",(0,a.kt)("a",{parentName:"p",href:"./ref-crds#bundlespec"},"BundleSpec"),"."))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1760],{3905:(e,t,r)=>{r.d(t,{Zo:()=>f,kt:()=>d});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function o(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function l(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var c=n.createContext({}),p=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):l(l({},t),e)),r},f=function(e){var t=p(e.components);return n.createElement(c.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},s=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,o=e.originalType,c=e.parentName,f=i(e,["components","mdxType","originalType","parentName"]),s=p(r),d=a,m=s["".concat(c,".").concat(d)]||s[d]||u[d]||o;return r?n.createElement(m,l(l({ref:t},f),{},{components:r})):n.createElement(m,l({ref:t},f))}));function d(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=r.length,l=new Array(o);l[0]=s;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:a,l[1]=i;for(var p=2;p{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>l,default:()=>u,frontMatter:()=>o,metadata:()=>i,toc:()=>p});var n=r(7462),a=(r(7294),r(3905));const o={},l="fleet.yaml",i={unversionedId:"ref-fleet-yaml",id:"ref-fleet-yaml",title:"fleet.yaml",description:"The fleet.yaml file adds options to a bundle. Any directory with a fleet.yaml is automatically turned into bundle.",source:"@site/docs/ref-fleet-yaml.md",sourceDirName:".",slug:"/ref-fleet-yaml",permalink:"/ref-fleet-yaml",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-fleet-yaml.md",tags:[],version:"current",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"GitRepo CRD",permalink:"/ref-crd-gitrepo"},next:{title:"Bundle Rendering Stages",permalink:"/ref-bundle-stages"}},c={},p=[],f={toc:p};function u(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},f,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"fleetyaml"},"fleet.yaml"),(0,a.kt)("p",null,"The ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file adds options to a bundle. Any directory with a ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is automatically turned into bundle."),(0,a.kt)("p",null,"A full reference with explanations can be found in ",(0,a.kt)("a",{parentName:"p",href:"/gitrepo-structure#fleetyaml"},"Expected Repo Structure"),"."),(0,a.kt)("p",null,"The content of the fleet.yaml corresponds to ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet/blob/master/pkg/bundlereader/read.go#L129-L135"},"https://github.com/rancher/fleet/blob/master/pkg/bundlereader/read.go#L129-L135"),", which contains the ",(0,a.kt)("a",{parentName:"p",href:"./ref-crds#bundlespec"},"BundleSpec"),"."))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/b32c755c.3b6f001a.js b/assets/js/b32c755c.4e6d16b6.js similarity index 99% rename from assets/js/b32c755c.3b6f001a.js rename to assets/js/b32c755c.4e6d16b6.js index baadbf862..1c1e6e724 100644 --- a/assets/js/b32c755c.3b6f001a.js +++ b/assets/js/b32c755c.4e6d16b6.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[859],{3905:(e,n,t)=>{t.d(n,{Zo:()=>c,kt:()=>u});var a=t(7294);function o(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function i(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);n&&(a=a.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,a)}return t}function r(e){for(var n=1;n=0||(o[t]=e[t]);return o}(e,n);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var l=a.createContext({}),p=function(e){var n=a.useContext(l),t=n;return e&&(t="function"==typeof e?e(n):r(r({},n),e)),t},c=function(e){var n=p(e.components);return a.createElement(l.Provider,{value:n},e.children)},d={inlineCode:"code",wrapper:function(e){var n=e.children;return a.createElement(a.Fragment,{},n)}},m=a.forwardRef((function(e,n){var t=e.components,o=e.mdxType,i=e.originalType,l=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=p(t),u=o,h=m["".concat(l,".").concat(u)]||m[u]||d[u]||i;return t?a.createElement(h,r(r({ref:n},c),{},{components:t})):a.createElement(h,r({ref:n},c))}));function u(e,n){var t=arguments,o=n&&n.mdxType;if("string"==typeof e||o){var i=t.length,r=new Array(i);r[0]=m;var s={};for(var l in n)hasOwnProperty.call(n,l)&&(s[l]=n[l]);s.originalType=e,s.mdxType="string"==typeof e?e:o,r[1]=s;for(var p=2;p{t.r(n),t.d(n,{assets:()=>l,contentTitle:()=>r,default:()=>d,frontMatter:()=>i,metadata:()=>s,toc:()=>p});var a=t(7462),o=(t(7294),t(3905));const i={},r="Generating Diffs for Modified GitRepos",s={unversionedId:"bundle-diffs",id:"version-0.5/bundle-diffs",title:"Generating Diffs for Modified GitRepos",description:"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.",source:"@site/versioned_docs/version-0.5/bundle-diffs.md",sourceDirName:".",slug:"/bundle-diffs",permalink:"/0.5/bundle-diffs",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/bundle-diffs.md",tags:[],version:"0.5",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Mapping to Downstream Clusters",permalink:"/0.5/gitrepo-targets"},next:{title:"Webhook",permalink:"/0.5/webhook"}},l={},p=[{value:"1. ValidatingWebhookConfiguration:",id:"1-validatingwebhookconfiguration",level:3},{value:"2. Deployment gatekeeper-controller-manager:",id:"2-deployment-gatekeeper-controller-manager",level:3},{value:"3. Deployment gatekeeper-audit:",id:"3-deployment-gatekeeper-audit",level:3},{value:"Combining It All Together",id:"combining-it-all-together",level:3}],c={toc:p};function d(e){let{components:n,...i}=e;return(0,o.kt)("wrapper",(0,a.Z)({},c,i,{components:n,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"generating-diffs-for-modified-gitrepos"},"Generating Diffs for Modified GitRepos"),(0,o.kt)("p",null,"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles."),(0,o.kt)("p",null,"You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the ",(0,o.kt)("inlineCode",{parentName:"p"},"Bundles")," section."),(0,o.kt)("p",null,"The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the ",(0,o.kt)("inlineCode",{parentName:"p"},"caBundle")," is empty and the CA cert is injected by the cluster."),(0,o.kt)("p",null,'This leads the status of the bundle and associated GitRepo to be reported as "Modified"'),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(9366).Z,width:"1191",height:"344"})),(0,o.kt)("p",null,"Associated Bundle\n",(0,o.kt)("img",{src:t(6368).Z,width:"1188",height:"420"})),(0,o.kt)("p",null,"Fleet bundles support the ability to specify a custom ",(0,o.kt)("a",{parentName:"p",href:"http://jsonpatch.com/"},"jsonPointer patch"),"."),(0,o.kt)("p",null,"With the patch, users can instruct fleet to ignore object modifications."),(0,o.kt)("p",null,"In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters."),(0,o.kt)("p",null,"The opa-gatekeeper bundle associated with the opa GitRepo is in modified state."),(0,o.kt)("p",null,"Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status."),(0,o.kt)("p",null,"In our case the differences detected are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' summary:\n desiredReady: 1\n modified: 1\n nonReadyResources:\n - bundleState: Modified\n modifiedStatus:\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n patch: \'{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n')),(0,o.kt)("p",null,"Based on this summary, there are three objects which need to be patched."),(0,o.kt)("p",null,"We will look at these one at a time."),(0,o.kt)("h3",{id:"1-validatingwebhookconfiguration"},"1. ValidatingWebhookConfiguration:"),(0,o.kt)("p",null,"The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec. "),(0,o.kt)("p",null,"In cases where more than one element in the field requires a patch, that patch will refer these to as ",(0,o.kt)("inlineCode",{parentName:"p"},"$setElementOrder/ELEMENTNAME")," "),(0,o.kt)("p",null,"From this information, we can see the two ValidatingWebhooks in question are:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' "$setElementOrder/webhooks": [\n {\n "name": "validation.gatekeeper.sh"\n },\n {\n "name": "check-ignore-label.gatekeeper.sh"\n }\n ],\n')),(0,o.kt)("p",null,"Within each ValidatingWebhook, the fields that need to be ignore are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "validation.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n "*"\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "*"\n ]\n }\n ]\n },\n')),(0,o.kt)("p",null," and "),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "check-ignore-label.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n ""\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "namespaces"\n ]\n }\n ]\n }\n')),(0,o.kt)("p",null,"In summary, we need to ignore the fields ",(0,o.kt)("inlineCode",{parentName:"p"},"rules")," and ",(0,o.kt)("inlineCode",{parentName:"p"},"clientConfig.caBundle")," in our patch specification."),(0,o.kt)("p",null,"The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values."),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(1418).Z,width:"1104",height:"837"})),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("h3",{id:"2-deployment-gatekeeper-controller-manager"},"2. Deployment gatekeeper-controller-manager:"),(0,o.kt)("p",null,"The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle)."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"3-deployment-gatekeeper-audit"},"3. Deployment gatekeeper-audit:"),(0,o.kt)("p",null,"The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"combining-it-all-together"},"Combining It All Together"),(0,o.kt)("p",null,"We can now combine all these patches as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("p",null,"We can add these now to the bundle directly to test and also commit the same to the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in your GitRepo."),(0,o.kt)("p",null,'Once these are added, the GitRepo should deploy and be in "Active" status.'))}d.isMDXComponent=!0},6368:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedBundle-636a094dc9a854e2cc752ad34fcadd60.png"},9366:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedGitRepo-17a5600892cf08e11388c8612131d81d.png"},1418:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/WebhookConfigurationSpec-0721d92eb5e5e87e815ad8fe32242bed.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[859],{3905:(e,n,t)=>{t.d(n,{Zo:()=>c,kt:()=>u});var a=t(7294);function o(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function i(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);n&&(a=a.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,a)}return t}function r(e){for(var n=1;n=0||(o[t]=e[t]);return o}(e,n);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var l=a.createContext({}),p=function(e){var n=a.useContext(l),t=n;return e&&(t="function"==typeof e?e(n):r(r({},n),e)),t},c=function(e){var n=p(e.components);return a.createElement(l.Provider,{value:n},e.children)},d={inlineCode:"code",wrapper:function(e){var n=e.children;return a.createElement(a.Fragment,{},n)}},m=a.forwardRef((function(e,n){var t=e.components,o=e.mdxType,i=e.originalType,l=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=p(t),u=o,h=m["".concat(l,".").concat(u)]||m[u]||d[u]||i;return t?a.createElement(h,r(r({ref:n},c),{},{components:t})):a.createElement(h,r({ref:n},c))}));function u(e,n){var t=arguments,o=n&&n.mdxType;if("string"==typeof e||o){var i=t.length,r=new Array(i);r[0]=m;var s={};for(var l in n)hasOwnProperty.call(n,l)&&(s[l]=n[l]);s.originalType=e,s.mdxType="string"==typeof e?e:o,r[1]=s;for(var p=2;p{t.r(n),t.d(n,{assets:()=>l,contentTitle:()=>r,default:()=>d,frontMatter:()=>i,metadata:()=>s,toc:()=>p});var a=t(7462),o=(t(7294),t(3905));const i={},r="Generating Diffs for Modified GitRepos",s={unversionedId:"bundle-diffs",id:"version-0.5/bundle-diffs",title:"Generating Diffs for Modified GitRepos",description:"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.",source:"@site/versioned_docs/version-0.5/bundle-diffs.md",sourceDirName:".",slug:"/bundle-diffs",permalink:"/0.5/bundle-diffs",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/bundle-diffs.md",tags:[],version:"0.5",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Mapping to Downstream Clusters",permalink:"/0.5/gitrepo-targets"},next:{title:"Webhook",permalink:"/0.5/webhook"}},l={},p=[{value:"1. ValidatingWebhookConfiguration:",id:"1-validatingwebhookconfiguration",level:3},{value:"2. Deployment gatekeeper-controller-manager:",id:"2-deployment-gatekeeper-controller-manager",level:3},{value:"3. Deployment gatekeeper-audit:",id:"3-deployment-gatekeeper-audit",level:3},{value:"Combining It All Together",id:"combining-it-all-together",level:3}],c={toc:p};function d(e){let{components:n,...i}=e;return(0,o.kt)("wrapper",(0,a.Z)({},c,i,{components:n,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"generating-diffs-for-modified-gitrepos"},"Generating Diffs for Modified GitRepos"),(0,o.kt)("p",null,"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles."),(0,o.kt)("p",null,"You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the ",(0,o.kt)("inlineCode",{parentName:"p"},"Bundles")," section."),(0,o.kt)("p",null,"The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the ",(0,o.kt)("inlineCode",{parentName:"p"},"caBundle")," is empty and the CA cert is injected by the cluster."),(0,o.kt)("p",null,'This leads the status of the bundle and associated GitRepo to be reported as "Modified"'),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(9366).Z,width:"1191",height:"344"})),(0,o.kt)("p",null,"Associated Bundle\n",(0,o.kt)("img",{src:t(6368).Z,width:"1188",height:"420"})),(0,o.kt)("p",null,"Fleet bundles support the ability to specify a custom ",(0,o.kt)("a",{parentName:"p",href:"http://jsonpatch.com/"},"jsonPointer patch"),"."),(0,o.kt)("p",null,"With the patch, users can instruct fleet to ignore object modifications."),(0,o.kt)("p",null,"In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters."),(0,o.kt)("p",null,"The opa-gatekeeper bundle associated with the opa GitRepo is in modified state."),(0,o.kt)("p",null,"Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status."),(0,o.kt)("p",null,"In our case the differences detected are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' summary:\n desiredReady: 1\n modified: 1\n nonReadyResources:\n - bundleState: Modified\n modifiedStatus:\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n patch: \'{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n')),(0,o.kt)("p",null,"Based on this summary, there are three objects which need to be patched."),(0,o.kt)("p",null,"We will look at these one at a time."),(0,o.kt)("h3",{id:"1-validatingwebhookconfiguration"},"1. ValidatingWebhookConfiguration:"),(0,o.kt)("p",null,"The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec. "),(0,o.kt)("p",null,"In cases where more than one element in the field requires a patch, that patch will refer these to as ",(0,o.kt)("inlineCode",{parentName:"p"},"$setElementOrder/ELEMENTNAME")," "),(0,o.kt)("p",null,"From this information, we can see the two ValidatingWebhooks in question are:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' "$setElementOrder/webhooks": [\n {\n "name": "validation.gatekeeper.sh"\n },\n {\n "name": "check-ignore-label.gatekeeper.sh"\n }\n ],\n')),(0,o.kt)("p",null,"Within each ValidatingWebhook, the fields that need to be ignore are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "validation.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n "*"\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "*"\n ]\n }\n ]\n },\n')),(0,o.kt)("p",null," and "),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "check-ignore-label.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n ""\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "namespaces"\n ]\n }\n ]\n }\n')),(0,o.kt)("p",null,"In summary, we need to ignore the fields ",(0,o.kt)("inlineCode",{parentName:"p"},"rules")," and ",(0,o.kt)("inlineCode",{parentName:"p"},"clientConfig.caBundle")," in our patch specification."),(0,o.kt)("p",null,"The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values."),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(1418).Z,width:"1104",height:"837"})),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("h3",{id:"2-deployment-gatekeeper-controller-manager"},"2. Deployment gatekeeper-controller-manager:"),(0,o.kt)("p",null,"The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle)."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"3-deployment-gatekeeper-audit"},"3. Deployment gatekeeper-audit:"),(0,o.kt)("p",null,"The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"combining-it-all-together"},"Combining It All Together"),(0,o.kt)("p",null,"We can now combine all these patches as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("p",null,"We can add these now to the bundle directly to test and also commit the same to the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in your GitRepo."),(0,o.kt)("p",null,'Once these are added, the GitRepo should deploy and be in "Active" status.'))}d.isMDXComponent=!0},6368:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedBundle-636a094dc9a854e2cc752ad34fcadd60.png"},9366:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedGitRepo-17a5600892cf08e11388c8612131d81d.png"},1418:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/WebhookConfigurationSpec-0721d92eb5e5e87e815ad8fe32242bed.png"}}]); \ No newline at end of file diff --git a/assets/js/b60b3bd8.83abcd31.js b/assets/js/b60b3bd8.c727d7a8.js similarity index 97% rename from assets/js/b60b3bd8.83abcd31.js rename to assets/js/b60b3bd8.c727d7a8.js index 9fdbe4b64..08f560b06 100644 --- a/assets/js/b60b3bd8.83abcd31.js +++ b/assets/js/b60b3bd8.c727d7a8.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4917],{3905:(e,t,r)=>{r.d(t,{Zo:()=>i,kt:()=>d});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function o(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function s(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var c=n.createContext({}),u=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):s(s({},t),e)),r},i=function(e){var t=u(e.components);return n.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},m=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,o=e.originalType,c=e.parentName,i=l(e,["components","mdxType","originalType","parentName"]),m=u(r),d=a,f=m["".concat(c,".").concat(d)]||m[d]||p[d]||o;return r?n.createElement(f,s(s({ref:t},i),{},{components:r})):n.createElement(f,s({ref:t},i))}));function d(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=r.length,s=new Array(o);s[0]=m;var l={};for(var c in t)hasOwnProperty.call(t,c)&&(l[c]=t[c]);l.originalType=e,l.mdxType="string"==typeof e?e:a,s[1]=l;for(var u=2;u{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>p,frontMatter:()=>o,metadata:()=>l,toc:()=>u});var n=r(7462),a=(r(7294),r(3905));const o={},s="Cluster Groups",l={unversionedId:"cluster-group",id:"version-0.4/cluster-group",title:"Cluster Groups",description:"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.",source:"@site/versioned_docs/version-0.4/cluster-group.md",sourceDirName:".",slug:"/cluster-group",permalink:"/0.4/cluster-group",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/cluster-group.md",tags:[],version:"0.4",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Manager Initiated",permalink:"/0.4/manager-initiated"},next:{title:"Namespaces",permalink:"/0.4/namespaces"}},c={},u=[],i={toc:u};function p(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},i,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-groups"},"Cluster Groups"),(0,a.kt)("p",null,"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.\nThe only parameter for a cluster group is essentially the selector.\nWhen you get to a certain scale cluster groups become a more reasonable way to manage your clusters.\nCluster groups serve the purpose of giving aggregated\nstatus of the deployments and then also a simpler way to manage targets."),(0,a.kt)("p",null,"A cluster group is created by creating a ",(0,a.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resource like below"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: ClusterGroup\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: production-group\n namespace: clusters\nspec:\n # This is the standard metav1.LabelSelector format to match clusters by labels\n selector:\n matchLabels:\n env: prod\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4917],{3905:(e,t,r)=>{r.d(t,{Zo:()=>i,kt:()=>d});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function o(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function s(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var c=n.createContext({}),u=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):s(s({},t),e)),r},i=function(e){var t=u(e.components);return n.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},m=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,o=e.originalType,c=e.parentName,i=l(e,["components","mdxType","originalType","parentName"]),m=u(r),d=a,f=m["".concat(c,".").concat(d)]||m[d]||p[d]||o;return r?n.createElement(f,s(s({ref:t},i),{},{components:r})):n.createElement(f,s({ref:t},i))}));function d(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=r.length,s=new Array(o);s[0]=m;var l={};for(var c in t)hasOwnProperty.call(t,c)&&(l[c]=t[c]);l.originalType=e,l.mdxType="string"==typeof e?e:a,s[1]=l;for(var u=2;u{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>p,frontMatter:()=>o,metadata:()=>l,toc:()=>u});var n=r(7462),a=(r(7294),r(3905));const o={},s="Cluster Groups",l={unversionedId:"cluster-group",id:"version-0.4/cluster-group",title:"Cluster Groups",description:"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.",source:"@site/versioned_docs/version-0.4/cluster-group.md",sourceDirName:".",slug:"/cluster-group",permalink:"/0.4/cluster-group",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/cluster-group.md",tags:[],version:"0.4",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Manager Initiated",permalink:"/0.4/manager-initiated"},next:{title:"Namespaces",permalink:"/0.4/namespaces"}},c={},u=[],i={toc:u};function p(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},i,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-groups"},"Cluster Groups"),(0,a.kt)("p",null,"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.\nThe only parameter for a cluster group is essentially the selector.\nWhen you get to a certain scale cluster groups become a more reasonable way to manage your clusters.\nCluster groups serve the purpose of giving aggregated\nstatus of the deployments and then also a simpler way to manage targets."),(0,a.kt)("p",null,"A cluster group is created by creating a ",(0,a.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resource like below"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: ClusterGroup\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: production-group\n namespace: clusters\nspec:\n # This is the standard metav1.LabelSelector format to match clusters by labels\n selector:\n matchLabels:\n env: prod\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/b7ae13b2.135fc9a2.js b/assets/js/b7ae13b2.32826eb7.js similarity index 95% rename from assets/js/b7ae13b2.135fc9a2.js rename to assets/js/b7ae13b2.32826eb7.js index 7ae5fe8c4..e64cda819 100644 --- a/assets/js/b7ae13b2.135fc9a2.js +++ b/assets/js/b7ae13b2.32826eb7.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6588],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},f=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,s=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),f=c(n),m=l,d=f["".concat(s,".").concat(m)]||f[m]||p[m]||a;return n?r.createElement(d,o(o({ref:t},u),{},{components:n})):r.createElement(d,o({ref:t},u))}));function m(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=f;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>p,frontMatter:()=>a,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const a={},o="Uninstall",i={unversionedId:"uninstall",id:"uninstall",title:"Uninstall",description:"Fleet is packaged as two Helm charts so uninstall is accomplished by",source:"@site/docs/uninstall.md",sourceDirName:".",slug:"/uninstall",permalink:"/uninstall",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/uninstall.md",tags:[],version:"current",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Multi Cluster Install",permalink:"/multi-cluster-install"},next:{title:"Cluster and Bundle State",permalink:"/cluster-bundles-state"}},s={},c=[],u={toc:c};function p(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"uninstall"},"Uninstall"),(0,l.kt)("p",null,"Fleet is packaged as two Helm charts so uninstall is accomplished by\nuninstalling the appropriate Helm charts. To uninstall Fleet run the following\ntwo commands:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system uninstall fleet\nhelm -n cattle-fleet-system uninstall fleet-crd\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6588],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},f=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,s=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),f=c(n),m=l,d=f["".concat(s,".").concat(m)]||f[m]||p[m]||a;return n?r.createElement(d,o(o({ref:t},u),{},{components:n})):r.createElement(d,o({ref:t},u))}));function m(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=f;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>p,frontMatter:()=>a,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const a={},o="Uninstall",i={unversionedId:"uninstall",id:"uninstall",title:"Uninstall",description:"Fleet is packaged as two Helm charts so uninstall is accomplished by",source:"@site/docs/uninstall.md",sourceDirName:".",slug:"/uninstall",permalink:"/uninstall",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/uninstall.md",tags:[],version:"current",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Multi Cluster Install",permalink:"/multi-cluster-install"},next:{title:"Cluster and Bundle State",permalink:"/cluster-bundles-state"}},s={},c=[],u={toc:c};function p(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"uninstall"},"Uninstall"),(0,l.kt)("p",null,"Fleet is packaged as two Helm charts so uninstall is accomplished by\nuninstalling the appropriate Helm charts. To uninstall Fleet run the following\ntwo commands:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system uninstall fleet\nhelm -n cattle-fleet-system uninstall fleet-crd\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/b8f3160f.3fdb26d0.js b/assets/js/b8f3160f.37f64d95.js similarity index 98% rename from assets/js/b8f3160f.3fdb26d0.js rename to assets/js/b8f3160f.37f64d95.js index d1580871f..67f2bb7ab 100644 --- a/assets/js/b8f3160f.3fdb26d0.js +++ b/assets/js/b8f3160f.37f64d95.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8711],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>m});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function l(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var i=n.createContext({}),c=function(e){var t=n.useContext(i),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},u=function(e){var t=c(e.components);return n.createElement(i.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,l=e.originalType,i=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(r),m=a,f=d["".concat(i,".").concat(m)]||d[m]||p[m]||l;return r?n.createElement(f,o(o({ref:t},u),{},{components:r})):n.createElement(f,o({ref:t},u))}));function m(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=r.length,o=new Array(l);o[0]=d;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,o[1]=s;for(var c=2;c{r.r(t),r.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>p,frontMatter:()=>l,metadata:()=>s,toc:()=>c});var n=r(7462),a=(r(7294),r(3905));const l={},o="Mapping to Downstream Clusters",s={unversionedId:"gitrepo-targets",id:"gitrepo-targets",title:"Mapping to Downstream Clusters",description:"Multi-cluster Only:",source:"@site/docs/gitrepo-targets.md",sourceDirName:".",slug:"/gitrepo-targets",permalink:"/gitrepo-targets",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/gitrepo-targets.md",tags:[],version:"current",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Expected Repo Structure",permalink:"/gitrepo-structure"},next:{title:"Generating Diffs for Modified GitRepos",permalink:"/bundle-diffs"}},i={},c=[{value:"Defining targets",id:"defining-targets",level:2},{value:"Target Matching",id:"target-matching",level:2},{value:"Default target",id:"default-target",level:2}],u={toc:c};function p(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},u,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"mapping-to-downstream-clusters"},"Mapping to Downstream Clusters"),(0,a.kt)("admonition",{type:"info"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("strong",{parentName:"p"},"Multi-cluster Only"),":\nThis approach only applies if you are running Fleet in a multi-cluster style")),(0,a.kt)("p",null,"When deploying ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepos")," to downstream clusters the clusters must be mapped to a target."),(0,a.kt)("h2",{id:"defining-targets"},"Defining targets"),(0,a.kt)("p",null,"The deployment targets of ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," is done using the ",(0,a.kt)("inlineCode",{parentName:"p"},"spec.targets")," field to\nmatch clusters or cluster groups. The YAML specification is as below."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: myrepo\n namespace: clusters\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - simple\n\n # Targets are evaluated in order and the first one to match is used. If\n # no targets match then the evaluated cluster will not be deployed to.\n targets:\n # The name of target. This value is largely for display and logging.\n # If not specified a default name of the format "target000" will be used\n - name: prod\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n # A specific cluster by name that will be selected\n clusterName: cluster1\n')),(0,a.kt)("h2",{id:"target-matching"},"Target Matching"),(0,a.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets.\nIf any of the targets match the cluster then the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be deployed to the downstream cluster. If\nno match is made, then the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will not be deployed to that cluster."),(0,a.kt)("p",null,'There are three approaches to matching clusters.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,a.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,a.kt)("h2",{id:"default-target"},"Default target"),(0,a.kt)("p",null,"If no target is set for the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the default targets value is applied. The default targets value is as below."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"targets:\n- name: default\n clusterGroup: default\n")),(0,a.kt)("p",null,"This means if you wish to setup a default location non-configured GitRepos will go to, then just create a cluster group called default\nand add clusters to it."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8711],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>m});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function l(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var i=n.createContext({}),c=function(e){var t=n.useContext(i),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},u=function(e){var t=c(e.components);return n.createElement(i.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,l=e.originalType,i=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(r),m=a,f=d["".concat(i,".").concat(m)]||d[m]||p[m]||l;return r?n.createElement(f,o(o({ref:t},u),{},{components:r})):n.createElement(f,o({ref:t},u))}));function m(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=r.length,o=new Array(l);o[0]=d;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,o[1]=s;for(var c=2;c{r.r(t),r.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>p,frontMatter:()=>l,metadata:()=>s,toc:()=>c});var n=r(7462),a=(r(7294),r(3905));const l={},o="Mapping to Downstream Clusters",s={unversionedId:"gitrepo-targets",id:"gitrepo-targets",title:"Mapping to Downstream Clusters",description:"Multi-cluster Only:",source:"@site/docs/gitrepo-targets.md",sourceDirName:".",slug:"/gitrepo-targets",permalink:"/gitrepo-targets",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/gitrepo-targets.md",tags:[],version:"current",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Expected Repo Structure",permalink:"/gitrepo-structure"},next:{title:"Generating Diffs for Modified GitRepos",permalink:"/bundle-diffs"}},i={},c=[{value:"Defining targets",id:"defining-targets",level:2},{value:"Target Matching",id:"target-matching",level:2},{value:"Default target",id:"default-target",level:2}],u={toc:c};function p(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},u,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"mapping-to-downstream-clusters"},"Mapping to Downstream Clusters"),(0,a.kt)("admonition",{type:"info"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("strong",{parentName:"p"},"Multi-cluster Only"),":\nThis approach only applies if you are running Fleet in a multi-cluster style")),(0,a.kt)("p",null,"When deploying ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepos")," to downstream clusters the clusters must be mapped to a target."),(0,a.kt)("h2",{id:"defining-targets"},"Defining targets"),(0,a.kt)("p",null,"The deployment targets of ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," is done using the ",(0,a.kt)("inlineCode",{parentName:"p"},"spec.targets")," field to\nmatch clusters or cluster groups. The YAML specification is as below."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: myrepo\n namespace: clusters\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - simple\n\n # Targets are evaluated in order and the first one to match is used. If\n # no targets match then the evaluated cluster will not be deployed to.\n targets:\n # The name of target. This value is largely for display and logging.\n # If not specified a default name of the format "target000" will be used\n - name: prod\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n # A specific cluster by name that will be selected\n clusterName: cluster1\n')),(0,a.kt)("h2",{id:"target-matching"},"Target Matching"),(0,a.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets.\nIf any of the targets match the cluster then the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be deployed to the downstream cluster. If\nno match is made, then the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will not be deployed to that cluster."),(0,a.kt)("p",null,'There are three approaches to matching clusters.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,a.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,a.kt)("h2",{id:"default-target"},"Default target"),(0,a.kt)("p",null,"If no target is set for the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the default targets value is applied. The default targets value is as below."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"targets:\n- name: default\n clusterGroup: default\n")),(0,a.kt)("p",null,"This means if you wish to setup a default location non-configured GitRepos will go to, then just create a cluster group called default\nand add clusters to it."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/b9a03c38.eee9c13a.js b/assets/js/b9a03c38.4a3874b3.js similarity index 98% rename from assets/js/b9a03c38.eee9c13a.js rename to assets/js/b9a03c38.4a3874b3.js index 3fda26dee..986218241 100644 --- a/assets/js/b9a03c38.eee9c13a.js +++ b/assets/js/b9a03c38.4a3874b3.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4581],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>d});var l=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function r(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);t&&(l=l.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,l)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(l=0;l=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=l.createContext({}),p=function(e){var t=l.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},c=function(e){var t=p(e.components);return l.createElement(s.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return l.createElement(l.Fragment,{},t)}},u=l.forwardRef((function(e,t){var n=e.components,a=e.mdxType,r=e.originalType,s=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),u=p(n),d=a,h=u["".concat(s,".").concat(d)]||u[d]||m[d]||r;return n?l.createElement(h,o(o({ref:t},c),{},{components:n})):l.createElement(h,o({ref:t},c))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var r=n.length,o=new Array(r);o[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,o[1]=i;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>m,frontMatter:()=>r,metadata:()=>i,toc:()=>p});var l=n(7462),a=(n(7294),n(3905));const r={},o="Examples",i={unversionedId:"examples",id:"version-0.5/examples",title:"Examples",description:"Lifecycle of a Fleet Bundle",source:"@site/versioned_docs/version-0.5/examples.md",sourceDirName:".",slug:"/examples",permalink:"/0.5/examples",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/examples.md",tags:[],version:"0.5",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Architecture",permalink:"/0.5/architecture"},next:{title:"Overview",permalink:"/0.5/cluster-overview"}},s={},p=[{value:"Lifecycle of a Fleet Bundle",id:"lifecycle-of-a-fleet-bundle",level:3},{value:"Deploy Kubernetes Manifests Across Clusters with Customization",id:"deploy-kubernetes-manifests-across-clusters-with-customization",level:3},{value:"Additional Examples",id:"additional-examples",level:3}],c={toc:p};function m(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,l.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"examples"},"Examples"),(0,a.kt)("h3",{id:"lifecycle-of-a-fleet-bundle"},"Lifecycle of a Fleet Bundle"),(0,a.kt)("p",null,"To demonstrate the lifecycle of a Fleet bundle, we will use ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/tree/master/multi-cluster/helm"},"multi-cluster/helm")," as a case study."),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"User will create a ",(0,a.kt)("a",{parentName:"li",href:"/0.5/gitrepo-add#create-gitrepo-instance"},"GitRepo")," that points to the multi-cluster/helm repository."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will sync changes from the GitRepo and detect changes from the polling or ",(0,a.kt)("a",{parentName:"li",href:"/0.5/webhook"},"webhook event"),". With every commit change, the ",(0,a.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will create a job that clones the git repository, reads content from the repo such as ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet.yaml")," and other manifests, and creates the Fleet ",(0,a.kt)("a",{parentName:"li",href:"/0.5/cluster-bundles-state#bundles"},"bundle"),".")),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Note:")," The job pod with the image name ",(0,a.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," will be under the same namespace as the GitRepo.")),(0,a.kt)("ol",{start:3},(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," then syncs changes from the bundle. According to the targets, the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," will create ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," resources, which are a combination of a bundle and a target cluster."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will then pull the ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," from the Fleet controlplane. The agent deploys bundle manifests as a ",(0,a.kt)("a",{parentName:"li",href:"https://helm.sh/docs/intro/install/"},"Helm chart")," from the ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," into the downstream clusters."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.")),(0,a.kt)("h3",{id:"deploy-kubernetes-manifests-across-clusters-with-customization"},"Deploy Kubernetes Manifests Across Clusters with Customization"),(0,a.kt)("p",null,(0,a.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/"},"Fleet in Rancher")," allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration."),(0,a.kt)("p",null,"To demonstrate how to deploy Kubernetes manifests across different clusters using Fleet, we will use ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/blob/master/multi-cluster/helm/fleet.yaml"},"multi-cluster/helm/fleet.yaml")," as a case study."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Situation:")," User has three clusters with three different labels: ",(0,a.kt)("inlineCode",{parentName:"p"},"env=dev"),", ",(0,a.kt)("inlineCode",{parentName:"p"},"env=test"),", and ",(0,a.kt)("inlineCode",{parentName:"p"},"env=prod"),". User wants to deploy a frontend application with a backend database across these clusters. "),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Expected behavior:")," "),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"dev")," cluster, database replication is not enabled."),(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"test")," cluster, database replication is enabled."),(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"prod")," cluster, database replication is enabled and Load balancer services are exposed.")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Advantage of Fleet:")),(0,a.kt)("p",null,"Instead of deploying the app on each cluster, Fleet allows you to deploy across all clusters following these steps:"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"Deploy gitRepo ",(0,a.kt)("inlineCode",{parentName:"li"},"https://github.com/rancher/fleet-examples.git")," and specify the path ",(0,a.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),"."),(0,a.kt)("li",{parentName:"ol"},"Under ",(0,a.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),", a Helm chart will deploy the frontend app service and backend database service."),(0,a.kt)("li",{parentName:"ol"},"The following rule will be defined in ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet.yaml"),": ")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"targetCustomizations:\n- name: dev\n helm:\n values:\n replication: false\n clusterSelector:\n matchLabels:\n env: dev\n\n- name: test\n helm:\n values:\n replicas: 3\n clusterSelector:\n matchLabels:\n env: test\n\n- name: prod\n helm:\n values:\n serviceType: LoadBalancer\n replicas: 3\n clusterSelector:\n matchLabels:\n env: prod\n")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Result:")),(0,a.kt)("p",null,"Fleet will deploy the Helm chart with your customized ",(0,a.kt)("inlineCode",{parentName:"p"},"values.yaml")," to the different clusters."),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Note:")," Configuration management is not limited to deployments but can be expanded to general configuration management. Fleet is able to apply configuration management through customization among any set of clusters automatically.")),(0,a.kt)("h3",{id:"additional-examples"},"Additional Examples"),(0,a.kt)("p",null,"Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations\nof the three are in the ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/"},"Fleet Examples repo"),"."))}m.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4581],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>d});var l=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function r(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);t&&(l=l.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,l)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(l=0;l=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=l.createContext({}),p=function(e){var t=l.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},c=function(e){var t=p(e.components);return l.createElement(s.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return l.createElement(l.Fragment,{},t)}},u=l.forwardRef((function(e,t){var n=e.components,a=e.mdxType,r=e.originalType,s=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),u=p(n),d=a,h=u["".concat(s,".").concat(d)]||u[d]||m[d]||r;return n?l.createElement(h,o(o({ref:t},c),{},{components:n})):l.createElement(h,o({ref:t},c))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var r=n.length,o=new Array(r);o[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,o[1]=i;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>m,frontMatter:()=>r,metadata:()=>i,toc:()=>p});var l=n(7462),a=(n(7294),n(3905));const r={},o="Examples",i={unversionedId:"examples",id:"version-0.5/examples",title:"Examples",description:"Lifecycle of a Fleet Bundle",source:"@site/versioned_docs/version-0.5/examples.md",sourceDirName:".",slug:"/examples",permalink:"/0.5/examples",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/examples.md",tags:[],version:"0.5",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Architecture",permalink:"/0.5/architecture"},next:{title:"Overview",permalink:"/0.5/cluster-overview"}},s={},p=[{value:"Lifecycle of a Fleet Bundle",id:"lifecycle-of-a-fleet-bundle",level:3},{value:"Deploy Kubernetes Manifests Across Clusters with Customization",id:"deploy-kubernetes-manifests-across-clusters-with-customization",level:3},{value:"Additional Examples",id:"additional-examples",level:3}],c={toc:p};function m(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,l.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"examples"},"Examples"),(0,a.kt)("h3",{id:"lifecycle-of-a-fleet-bundle"},"Lifecycle of a Fleet Bundle"),(0,a.kt)("p",null,"To demonstrate the lifecycle of a Fleet bundle, we will use ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/tree/master/multi-cluster/helm"},"multi-cluster/helm")," as a case study."),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"User will create a ",(0,a.kt)("a",{parentName:"li",href:"/0.5/gitrepo-add#create-gitrepo-instance"},"GitRepo")," that points to the multi-cluster/helm repository."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will sync changes from the GitRepo and detect changes from the polling or ",(0,a.kt)("a",{parentName:"li",href:"/0.5/webhook"},"webhook event"),". With every commit change, the ",(0,a.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will create a job that clones the git repository, reads content from the repo such as ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet.yaml")," and other manifests, and creates the Fleet ",(0,a.kt)("a",{parentName:"li",href:"/0.5/cluster-bundles-state#bundles"},"bundle"),".")),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Note:")," The job pod with the image name ",(0,a.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," will be under the same namespace as the GitRepo.")),(0,a.kt)("ol",{start:3},(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," then syncs changes from the bundle. According to the targets, the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," will create ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," resources, which are a combination of a bundle and a target cluster."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will then pull the ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," from the Fleet controlplane. The agent deploys bundle manifests as a ",(0,a.kt)("a",{parentName:"li",href:"https://helm.sh/docs/intro/install/"},"Helm chart")," from the ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," into the downstream clusters."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.")),(0,a.kt)("h3",{id:"deploy-kubernetes-manifests-across-clusters-with-customization"},"Deploy Kubernetes Manifests Across Clusters with Customization"),(0,a.kt)("p",null,(0,a.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/"},"Fleet in Rancher")," allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration."),(0,a.kt)("p",null,"To demonstrate how to deploy Kubernetes manifests across different clusters using Fleet, we will use ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/blob/master/multi-cluster/helm/fleet.yaml"},"multi-cluster/helm/fleet.yaml")," as a case study."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Situation:")," User has three clusters with three different labels: ",(0,a.kt)("inlineCode",{parentName:"p"},"env=dev"),", ",(0,a.kt)("inlineCode",{parentName:"p"},"env=test"),", and ",(0,a.kt)("inlineCode",{parentName:"p"},"env=prod"),". User wants to deploy a frontend application with a backend database across these clusters. "),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Expected behavior:")," "),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"dev")," cluster, database replication is not enabled."),(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"test")," cluster, database replication is enabled."),(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"prod")," cluster, database replication is enabled and Load balancer services are exposed.")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Advantage of Fleet:")),(0,a.kt)("p",null,"Instead of deploying the app on each cluster, Fleet allows you to deploy across all clusters following these steps:"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"Deploy gitRepo ",(0,a.kt)("inlineCode",{parentName:"li"},"https://github.com/rancher/fleet-examples.git")," and specify the path ",(0,a.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),"."),(0,a.kt)("li",{parentName:"ol"},"Under ",(0,a.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),", a Helm chart will deploy the frontend app service and backend database service."),(0,a.kt)("li",{parentName:"ol"},"The following rule will be defined in ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet.yaml"),": ")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"targetCustomizations:\n- name: dev\n helm:\n values:\n replication: false\n clusterSelector:\n matchLabels:\n env: dev\n\n- name: test\n helm:\n values:\n replicas: 3\n clusterSelector:\n matchLabels:\n env: test\n\n- name: prod\n helm:\n values:\n serviceType: LoadBalancer\n replicas: 3\n clusterSelector:\n matchLabels:\n env: prod\n")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Result:")),(0,a.kt)("p",null,"Fleet will deploy the Helm chart with your customized ",(0,a.kt)("inlineCode",{parentName:"p"},"values.yaml")," to the different clusters."),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Note:")," Configuration management is not limited to deployments but can be expanded to general configuration management. Fleet is able to apply configuration management through customization among any set of clusters automatically.")),(0,a.kt)("h3",{id:"additional-examples"},"Additional Examples"),(0,a.kt)("p",null,"Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations\nof the three are in the ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/"},"Fleet Examples repo"),"."))}m.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/bd465781.7f2353e5.js b/assets/js/bd465781.bb709602.js similarity index 97% rename from assets/js/bd465781.7f2353e5.js rename to assets/js/bd465781.bb709602.js index a4573a242..23a0f93d2 100644 --- a/assets/js/bd465781.7f2353e5.js +++ b/assets/js/bd465781.bb709602.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2112],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var c=r.createContext({}),f=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=f(e.components);return r.createElement(c.Provider,{value:t},e.children)},s={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,c=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=f(n),d=l,m=u["".concat(c,".").concat(d)]||u[d]||s[d]||a;return n?r.createElement(m,o(o({ref:t},p),{},{components:n})):r.createElement(m,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var f=2;f{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>s,frontMatter:()=>a,metadata:()=>i,toc:()=>f});var r=n(7462),l=(n(7294),n(3905));const a={title:"",sidebar_label:"fleet"},o=void 0,i={unversionedId:"cli/fleet-cli/fleet",id:"cli/fleet-cli/fleet",title:"",description:"fleet",source:"@site/docs/cli/fleet-cli/fleet.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet",permalink:"/cli/fleet-cli/fleet",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cli/fleet-cli/fleet.md",tags:[],version:"current",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{title:"",sidebar_label:"fleet"},sidebar:"docs",previous:{title:"fleet-agent",permalink:"/cli/fleet-agent/"},next:{title:"fleet apply",permalink:"/cli/fleet-cli/fleet_apply"}},c={},f=[{value:"fleet",id:"fleet",level:2},{value:"Options",id:"options",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:f};function s(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet"},"fleet"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -h, --help help for fleet\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet_apply"},"fleet apply"),"\t - Render a bundle into a Kubernetes resource and apply it in the Fleet Manager"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet_test"},"fleet test"),"\t - Match a bundle to a target and render the output")))}s.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2112],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var c=r.createContext({}),f=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=f(e.components);return r.createElement(c.Provider,{value:t},e.children)},s={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,c=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=f(n),d=l,m=u["".concat(c,".").concat(d)]||u[d]||s[d]||a;return n?r.createElement(m,o(o({ref:t},p),{},{components:n})):r.createElement(m,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var f=2;f{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>s,frontMatter:()=>a,metadata:()=>i,toc:()=>f});var r=n(7462),l=(n(7294),n(3905));const a={title:"",sidebar_label:"fleet"},o=void 0,i={unversionedId:"cli/fleet-cli/fleet",id:"cli/fleet-cli/fleet",title:"",description:"fleet",source:"@site/docs/cli/fleet-cli/fleet.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet",permalink:"/cli/fleet-cli/fleet",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cli/fleet-cli/fleet.md",tags:[],version:"current",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{title:"",sidebar_label:"fleet"},sidebar:"docs",previous:{title:"fleet-agent",permalink:"/cli/fleet-agent/"},next:{title:"fleet apply",permalink:"/cli/fleet-cli/fleet_apply"}},c={},f=[{value:"fleet",id:"fleet",level:2},{value:"Options",id:"options",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:f};function s(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet"},"fleet"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -h, --help help for fleet\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet_apply"},"fleet apply"),"\t - Render a bundle into a Kubernetes resource and apply it in the Fleet Manager"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet_test"},"fleet test"),"\t - Match a bundle to a target and render the output")))}s.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/c211f800.43b0d0fc.js b/assets/js/c211f800.6ba0cf6c.js similarity index 98% rename from assets/js/c211f800.43b0d0fc.js rename to assets/js/c211f800.6ba0cf6c.js index f985d3eec..696c3d9bf 100644 --- a/assets/js/c211f800.43b0d0fc.js +++ b/assets/js/c211f800.6ba0cf6c.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9504],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),s=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=s(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,i=e.originalType,l=e.parentName,u=c(e,["components","mdxType","originalType","parentName"]),d=s(n),m=a,g=d["".concat(l,".").concat(m)]||d[m]||p[m]||i;return n?r.createElement(g,o(o({ref:t},u),{},{components:n})):r.createElement(g,o({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=n.length,o=new Array(i);o[0]=d;var c={};for(var l in t)hasOwnProperty.call(t,l)&&(c[l]=t[l]);c.originalType=e,c.mdxType="string"==typeof e?e:a,o[1]=c;for(var s=2;s{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>c,toc:()=>s});var r=n(7462),a=(n(7294),n(3905));const i={},o="Manager Initiated",c={unversionedId:"manager-initiated",id:"manager-initiated",title:"Manager Initiated",description:"Refer to the overview page for a background information on the manager initiated registration style.",source:"@site/docs/manager-initiated.md",sourceDirName:".",slug:"/manager-initiated",permalink:"/manager-initiated",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/manager-initiated.md",tags:[],version:"current",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Agent Initiated",permalink:"/agent-initiated"},next:{title:"Cluster Groups",permalink:"/cluster-group"}},l={},s=[{value:"Kubeconfig Secret",id:"kubeconfig-secret",level:2},{value:"Example",id:"example",level:2},{value:"Kubeconfig Secret",id:"kubeconfig-secret-1",level:3},{value:"Cluster",id:"cluster",level:3}],u={toc:s};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"manager-initiated"},"Manager Initiated"),(0,a.kt)("p",null,"Refer to the ",(0,a.kt)("a",{parentName:"p",href:"/cluster-overview#agent-initiated-registration"},"overview page")," for a background information on the manager initiated registration style."),(0,a.kt)("h2",{id:"kubeconfig-secret"},"Kubeconfig Secret"),(0,a.kt)("p",null,"The manager initiated registration flow is accomplished by creating a\n",(0,a.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet Manager that refers to a Kubernetes\n",(0,a.kt)("inlineCode",{parentName:"p"},"Secret")," containing a valid kubeconfig file in the data field called ",(0,a.kt)("inlineCode",{parentName:"p"},"value"),"."),(0,a.kt)("p",null,"The format of this secret is intended to match the ",(0,a.kt)("a",{parentName:"p",href:"https://cluster-api.sigs.k8s.io/developer/architecture/controllers/cluster.html#secrets"},"format"),"\nof the kubeconfig\nsecret used in ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),".\nThis means you can use ",(0,a.kt)("inlineCode",{parentName:"p"},"cluster-api")," to create a cluster that is dynamically\nregistered with Fleet."),(0,a.kt)("h2",{id:"example"},"Example"),(0,a.kt)("h3",{id:"kubeconfig-secret-1"},"Kubeconfig Secret"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: Secret\napiVersion: v1\nmetadata:\n name: my-cluster-kubeconfig\n namespace: clusters\ndata:\n value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==\n")),(0,a.kt)("h3",{id:"cluster"},"Cluster"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'apiVersion: fleet.cattle.io/v1alpha1\nkind: Cluster\nmetadata:\n name: my-cluster\n namespace: clusters\n labels:\n demo: "true"\n env: dev\nspec:\n kubeConfigSecret: my-cluster-kubeconfig\n')))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9504],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),s=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=s(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,i=e.originalType,l=e.parentName,u=c(e,["components","mdxType","originalType","parentName"]),d=s(n),m=a,g=d["".concat(l,".").concat(m)]||d[m]||p[m]||i;return n?r.createElement(g,o(o({ref:t},u),{},{components:n})):r.createElement(g,o({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=n.length,o=new Array(i);o[0]=d;var c={};for(var l in t)hasOwnProperty.call(t,l)&&(c[l]=t[l]);c.originalType=e,c.mdxType="string"==typeof e?e:a,o[1]=c;for(var s=2;s{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>c,toc:()=>s});var r=n(7462),a=(n(7294),n(3905));const i={},o="Manager Initiated",c={unversionedId:"manager-initiated",id:"manager-initiated",title:"Manager Initiated",description:"Refer to the overview page for a background information on the manager initiated registration style.",source:"@site/docs/manager-initiated.md",sourceDirName:".",slug:"/manager-initiated",permalink:"/manager-initiated",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/manager-initiated.md",tags:[],version:"current",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Agent Initiated",permalink:"/agent-initiated"},next:{title:"Cluster Groups",permalink:"/cluster-group"}},l={},s=[{value:"Kubeconfig Secret",id:"kubeconfig-secret",level:2},{value:"Example",id:"example",level:2},{value:"Kubeconfig Secret",id:"kubeconfig-secret-1",level:3},{value:"Cluster",id:"cluster",level:3}],u={toc:s};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"manager-initiated"},"Manager Initiated"),(0,a.kt)("p",null,"Refer to the ",(0,a.kt)("a",{parentName:"p",href:"/cluster-overview#agent-initiated-registration"},"overview page")," for a background information on the manager initiated registration style."),(0,a.kt)("h2",{id:"kubeconfig-secret"},"Kubeconfig Secret"),(0,a.kt)("p",null,"The manager initiated registration flow is accomplished by creating a\n",(0,a.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet Manager that refers to a Kubernetes\n",(0,a.kt)("inlineCode",{parentName:"p"},"Secret")," containing a valid kubeconfig file in the data field called ",(0,a.kt)("inlineCode",{parentName:"p"},"value"),"."),(0,a.kt)("p",null,"The format of this secret is intended to match the ",(0,a.kt)("a",{parentName:"p",href:"https://cluster-api.sigs.k8s.io/developer/architecture/controllers/cluster.html#secrets"},"format"),"\nof the kubeconfig\nsecret used in ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),".\nThis means you can use ",(0,a.kt)("inlineCode",{parentName:"p"},"cluster-api")," to create a cluster that is dynamically\nregistered with Fleet."),(0,a.kt)("h2",{id:"example"},"Example"),(0,a.kt)("h3",{id:"kubeconfig-secret-1"},"Kubeconfig Secret"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: Secret\napiVersion: v1\nmetadata:\n name: my-cluster-kubeconfig\n namespace: clusters\ndata:\n value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==\n")),(0,a.kt)("h3",{id:"cluster"},"Cluster"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'apiVersion: fleet.cattle.io/v1alpha1\nkind: Cluster\nmetadata:\n name: my-cluster\n namespace: clusters\n labels:\n demo: "true"\n env: dev\nspec:\n kubeConfigSecret: my-cluster-kubeconfig\n')))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/c377a04b.8edfea16.js b/assets/js/c377a04b.5bd1461a.js similarity index 98% rename from assets/js/c377a04b.8edfea16.js rename to assets/js/c377a04b.5bd1461a.js index 11e7cb922..4ae99e97b 100644 --- a/assets/js/c377a04b.8edfea16.js +++ b/assets/js/c377a04b.5bd1461a.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6971],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,f=m["".concat(l,".").concat(d)]||m[d]||p[d]||o;return n?r.createElement(f,i(i({ref:t},u),{},{components:n})):r.createElement(f,i({ref:t},u))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,i=new Array(o);i[0]=m;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},i="Overview",s={unversionedId:"index",id:"index",title:"Overview",description:"What is Fleet?",source:"@site/docs/index.md",sourceDirName:".",slug:"/",permalink:"/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/index.md",tags:[],version:"current",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",next:{title:"Quick Start",permalink:"/quickstart"}},l={},c=[{value:"What is Fleet?",id:"what-is-fleet",level:3},{value:"Configuration Management",id:"configuration-management",level:3}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"overview"},"Overview"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,a.kt)("h3",{id:"what-is-fleet"},"What is Fleet?"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster engine"),": Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through ",(0,a.kt)("strong",{parentName:"p"},"GitOps"),". Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Deployment management"),": Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users have a high degree of control, consistency, and auditability."))),(0,a.kt)("h3",{id:"configuration-management"},"Configuration Management"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes ",(0,a.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/concepts/"},"custom resource definitions (CRDs)")," and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point."))}p.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6971],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,f=m["".concat(l,".").concat(d)]||m[d]||p[d]||o;return n?r.createElement(f,i(i({ref:t},u),{},{components:n})):r.createElement(f,i({ref:t},u))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,i=new Array(o);i[0]=m;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},i="Overview",s={unversionedId:"index",id:"index",title:"Overview",description:"What is Fleet?",source:"@site/docs/index.md",sourceDirName:".",slug:"/",permalink:"/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/index.md",tags:[],version:"current",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",next:{title:"Quick Start",permalink:"/quickstart"}},l={},c=[{value:"What is Fleet?",id:"what-is-fleet",level:3},{value:"Configuration Management",id:"configuration-management",level:3}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"overview"},"Overview"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,a.kt)("h3",{id:"what-is-fleet"},"What is Fleet?"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster engine"),": Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through ",(0,a.kt)("strong",{parentName:"p"},"GitOps"),". Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Deployment management"),": Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users have a high degree of control, consistency, and auditability."))),(0,a.kt)("h3",{id:"configuration-management"},"Configuration Management"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes ",(0,a.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/concepts/"},"custom resource definitions (CRDs)")," and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point."))}p.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file diff --git a/assets/js/c7381d34.44ac32d3.js b/assets/js/c7381d34.b5bef923.js similarity index 98% rename from assets/js/c7381d34.44ac32d3.js rename to assets/js/c7381d34.b5bef923.js index be900f954..1b84e899a 100644 --- a/assets/js/c7381d34.44ac32d3.js +++ b/assets/js/c7381d34.b5bef923.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7544],{3905:(e,t,o)=>{o.d(t,{Zo:()=>u,kt:()=>h});var n=o(7294);function r(e,t,o){return t in e?Object.defineProperty(e,t,{value:o,enumerable:!0,configurable:!0,writable:!0}):e[t]=o,e}function a(e,t){var o=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),o.push.apply(o,n)}return o}function i(e){for(var t=1;t=0||(r[o]=e[o]);return r}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,o)&&(r[o]=e[o])}return r}var s=n.createContext({}),c=function(e){var t=n.useContext(s),o=t;return e&&(o="function"==typeof e?e(t):i(i({},t),e)),o},u=function(e){var t=c(e.components);return n.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var o=e.components,r=e.mdxType,a=e.originalType,s=e.parentName,u=l(e,["components","mdxType","originalType","parentName"]),d=c(o),h=r,b=d["".concat(s,".").concat(h)]||d[h]||p[h]||a;return o?n.createElement(b,i(i({ref:t},u),{},{components:o})):n.createElement(b,i({ref:t},u))}));function h(e,t){var o=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var a=o.length,i=new Array(a);i[0]=d;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l.mdxType="string"==typeof e?e:r,i[1]=l;for(var c=2;c{o.r(t),o.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>p,frontMatter:()=>a,metadata:()=>l,toc:()=>c});var n=o(7462),r=(o(7294),o(3905));const a={},i="Webhook",l={unversionedId:"webhook",id:"webhook",title:"Webhook",description:"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,",source:"@site/docs/webhook.md",sourceDirName:".",slug:"/webhook",permalink:"/webhook",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/webhook.md",tags:[],version:"current",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Generating Diffs for Modified GitRepos",permalink:"/bundle-diffs"},next:{title:"Image scan",permalink:"/imagescan"}},s={},c=[{value:"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service.",id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service",level:3},{value:"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example.",id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example",level:3},{value:"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.",id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system",level:3},{value:"4. Go to your git provider and test the connection. You should get a HTTP response code.",id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code",level:3}],u={toc:c};function p(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"webhook"},"Webhook"),(0,r.kt)("p",null,"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,\nGitLab, Bitbucket, Bitbucket Server and Gogs."),(0,r.kt)("h3",{id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service"},"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n name: webhook-ingress\n namespace: cattle-fleet-system\nspec:\n rules:\n - host: your.domain.com\n http:\n paths:\n - path: /\n pathType: Prefix\n backend:\n service:\n name: gitjob\n port:\n number: 80\n")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can configure ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/services-networking/ingress/#tls"},"TLS")," on ingress.")),(0,r.kt)("h3",{id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example"},"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example."),(0,r.kt)("p",null,(0,r.kt)("img",{src:o(696).Z,width:"1830",height:"1563"})),(0,r.kt)("p",null,"Configuring a secret is optional. This is used to validate the webhook payload as the payload should not be trusted by default.\nIf your webhook server is publicly accessible to the Internet, then it is recommended to configure the secret. If you do configure the\nsecret, follow step 3."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"only application/json is supported due to the limitation of webhook library.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"If you configured the webhook the polling interval will be automatically adjusted to 1 hour.")),(0,r.kt)("h3",{id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system"},"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called ",(0,r.kt)("inlineCode",{parentName:"h3"},"gitjob-webhook")," in ",(0,r.kt)("inlineCode",{parentName:"h3"},"cattle-fleet-system"),"."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"Provider"),(0,r.kt)("th",{parentName:"tr",align:null},"K8s Secret Key"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitHub"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"github"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitLab"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gitlab"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucket"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucketServer"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket-server"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"Gogs"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gogs"))))),(0,r.kt)("p",null,"For example, to create a secret containing a GitHub secret to validate the webhook payload, run:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue\n")),(0,r.kt)("h3",{id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code"},"4. Go to your git provider and test the connection. You should get a HTTP response code."))}p.isMDXComponent=!0},696:(e,t,o)=>{o.d(t,{Z:()=>n});const n=o.p+"assets/images/webhook-9c042ab211f1b5438bf70372e92ecdf7.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7544],{3905:(e,t,o)=>{o.d(t,{Zo:()=>u,kt:()=>h});var n=o(7294);function r(e,t,o){return t in e?Object.defineProperty(e,t,{value:o,enumerable:!0,configurable:!0,writable:!0}):e[t]=o,e}function a(e,t){var o=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),o.push.apply(o,n)}return o}function i(e){for(var t=1;t=0||(r[o]=e[o]);return r}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,o)&&(r[o]=e[o])}return r}var s=n.createContext({}),c=function(e){var t=n.useContext(s),o=t;return e&&(o="function"==typeof e?e(t):i(i({},t),e)),o},u=function(e){var t=c(e.components);return n.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var o=e.components,r=e.mdxType,a=e.originalType,s=e.parentName,u=l(e,["components","mdxType","originalType","parentName"]),d=c(o),h=r,b=d["".concat(s,".").concat(h)]||d[h]||p[h]||a;return o?n.createElement(b,i(i({ref:t},u),{},{components:o})):n.createElement(b,i({ref:t},u))}));function h(e,t){var o=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var a=o.length,i=new Array(a);i[0]=d;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l.mdxType="string"==typeof e?e:r,i[1]=l;for(var c=2;c{o.r(t),o.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>p,frontMatter:()=>a,metadata:()=>l,toc:()=>c});var n=o(7462),r=(o(7294),o(3905));const a={},i="Webhook",l={unversionedId:"webhook",id:"webhook",title:"Webhook",description:"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,",source:"@site/docs/webhook.md",sourceDirName:".",slug:"/webhook",permalink:"/webhook",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/webhook.md",tags:[],version:"current",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Generating Diffs for Modified GitRepos",permalink:"/bundle-diffs"},next:{title:"Image scan",permalink:"/imagescan"}},s={},c=[{value:"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service.",id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service",level:3},{value:"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example.",id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example",level:3},{value:"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.",id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system",level:3},{value:"4. Go to your git provider and test the connection. You should get a HTTP response code.",id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code",level:3}],u={toc:c};function p(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"webhook"},"Webhook"),(0,r.kt)("p",null,"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,\nGitLab, Bitbucket, Bitbucket Server and Gogs."),(0,r.kt)("h3",{id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service"},"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n name: webhook-ingress\n namespace: cattle-fleet-system\nspec:\n rules:\n - host: your.domain.com\n http:\n paths:\n - path: /\n pathType: Prefix\n backend:\n service:\n name: gitjob\n port:\n number: 80\n")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can configure ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/services-networking/ingress/#tls"},"TLS")," on ingress.")),(0,r.kt)("h3",{id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example"},"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example."),(0,r.kt)("p",null,(0,r.kt)("img",{src:o(696).Z,width:"1830",height:"1563"})),(0,r.kt)("p",null,"Configuring a secret is optional. This is used to validate the webhook payload as the payload should not be trusted by default.\nIf your webhook server is publicly accessible to the Internet, then it is recommended to configure the secret. If you do configure the\nsecret, follow step 3."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"only application/json is supported due to the limitation of webhook library.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"If you configured the webhook the polling interval will be automatically adjusted to 1 hour.")),(0,r.kt)("h3",{id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system"},"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called ",(0,r.kt)("inlineCode",{parentName:"h3"},"gitjob-webhook")," in ",(0,r.kt)("inlineCode",{parentName:"h3"},"cattle-fleet-system"),"."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"Provider"),(0,r.kt)("th",{parentName:"tr",align:null},"K8s Secret Key"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitHub"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"github"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitLab"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gitlab"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucket"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucketServer"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket-server"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"Gogs"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gogs"))))),(0,r.kt)("p",null,"For example, to create a secret containing a GitHub secret to validate the webhook payload, run:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue\n")),(0,r.kt)("h3",{id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code"},"4. Go to your git provider and test the connection. You should get a HTTP response code."))}p.isMDXComponent=!0},696:(e,t,o)=>{o.d(t,{Z:()=>n});const n=o.p+"assets/images/webhook-9c042ab211f1b5438bf70372e92ecdf7.png"}}]); \ No newline at end of file diff --git a/assets/js/cd0bf424.bb601075.js b/assets/js/cd0bf424.dc4ca605.js similarity index 96% rename from assets/js/cd0bf424.bb601075.js rename to assets/js/cd0bf424.dc4ca605.js index 6a8a78f45..61bb9e4db 100644 --- a/assets/js/cd0bf424.bb601075.js +++ b/assets/js/cd0bf424.dc4ca605.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[208],{3905:(e,t,l)=>{l.d(t,{Zo:()=>u,kt:()=>m});var n=l(7294);function r(e,t,l){return t in e?Object.defineProperty(e,t,{value:l,enumerable:!0,configurable:!0,writable:!0}):e[t]=l,e}function s(e,t){var l=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),l.push.apply(l,n)}return l}function a(e){for(var t=1;t=0||(r[l]=e[l]);return r}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,l)&&(r[l]=e[l])}return r}var i=n.createContext({}),c=function(e){var t=n.useContext(i),l=t;return e&&(l="function"==typeof e?e(t):a(a({},t),e)),l},u=function(e){var t=c(e.components);return n.createElement(i.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var l=e.components,r=e.mdxType,s=e.originalType,i=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),d=c(l),m=r,h=d["".concat(i,".").concat(m)]||d[m]||p[m]||s;return l?n.createElement(h,a(a({ref:t},u),{},{components:l})):n.createElement(h,a({ref:t},u))}));function m(e,t){var l=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var s=l.length,a=new Array(s);a[0]=d;var o={};for(var i in t)hasOwnProperty.call(t,i)&&(o[i]=t[i]);o.originalType=e,o.mdxType="string"==typeof e?e:r,a[1]=o;for(var c=2;c{l.r(t),l.d(t,{assets:()=>i,contentTitle:()=>a,default:()=>p,frontMatter:()=>s,metadata:()=>o,toc:()=>c});var n=l(7462),r=(l(7294),l(3905));const s={},a="Single Cluster Install",o={unversionedId:"single-cluster-install",id:"version-0.4/single-cluster-install",title:"Single Cluster Install",description:"In this use case you have only one cluster. The cluster will run both the Fleet",source:"@site/versioned_docs/version-0.4/single-cluster-install.md",sourceDirName:".",slug:"/single-cluster-install",permalink:"/0.4/single-cluster-install",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/single-cluster-install.md",tags:[],version:"0.4",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Installation",permalink:"/0.4/installation"},next:{title:"Multi-cluster Install",permalink:"/0.4/multi-cluster-install"}},i={},c=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Helm 3",id:"helm-3",level:3},{value:"Kubernetes",id:"kubernetes",level:3},{value:"Install",id:"install",level:2}],u={toc:c};function p(e){let{components:t,...s}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,s,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"single-cluster-install"},"Single Cluster Install"),(0,r.kt)("p",null,(0,r.kt)("img",{src:l(1313).Z,width:"520",height:"279"})),(0,r.kt)("p",null,"In this use case you have only one cluster. The cluster will run both the Fleet\nmanager and the Fleet agent. The cluster will communicate with Git server to\ndeploy resources to this local cluster. This is the simplest setup and very\nuseful for dev/test and small scale setups. This use case is supported as a valid\nuse case for production."),(0,r.kt)("h2",{id:"prerequisites"},"Prerequisites"),(0,r.kt)("h3",{id:"helm-3"},"Helm 3"),(0,r.kt)("p",null,"Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is\nfairly straight forward. To install the Helm 3 CLI follow the\n",(0,r.kt)("a",{parentName:"p",href:"https://helm.sh/docs/intro/install/"},"official install instructions"),". The TL;DR is"),(0,r.kt)("p",null,"macOS"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,r.kt)("p",null,"Windows"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"choco install kubernetes-helm\n")),(0,r.kt)("h3",{id:"kubernetes"},"Kubernetes"),(0,r.kt)("p",null,"Fleet is a controller running on a Kubernetes cluster so an existing cluster is required. For the\nsingle cluster use case you will install Fleet to the cluster which you intend to manage with GitOps.\nAny Kubernetes community supported version of Kubernetes will work, in practice this means 1.15 or greater."),(0,r.kt)("h2",{id:"install"},"Install"),(0,r.kt)("p",null,"Install the following two Helm charts."),(0,r.kt)("p",null,"First install the Fleet CustomResourcesDefintions."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd https://github.com/rancher/fleet/releases/download/v0.4.0/fleet-crd-0.4.0.tgz\n")),(0,r.kt)("p",null,"Second install the Fleet controllers."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet https://github.com/rancher/fleet/releases/download/v0.4.0/fleet-0.4.0.tgz\n")),(0,r.kt)("p",null,"Fleet should be ready to use now for single cluster. You can check the status of the Fleet controller pods by\nrunning the below commands."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,r.kt)("p",null,"You can now ",(0,r.kt)("a",{parentName:"p",href:"/0.4/gitrepo-add"},"register some git repos")," in the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace to start deploying Kubernetes resources."))}p.isMDXComponent=!0},1313:(e,t,l)=>{l.d(t,{Z:()=>n});const n=l.p+"assets/images/single-cluster-72ee1a61547953f123dd741c02cd2017.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[208],{3905:(e,t,l)=>{l.d(t,{Zo:()=>u,kt:()=>m});var n=l(7294);function r(e,t,l){return t in e?Object.defineProperty(e,t,{value:l,enumerable:!0,configurable:!0,writable:!0}):e[t]=l,e}function s(e,t){var l=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),l.push.apply(l,n)}return l}function a(e){for(var t=1;t=0||(r[l]=e[l]);return r}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,l)&&(r[l]=e[l])}return r}var i=n.createContext({}),c=function(e){var t=n.useContext(i),l=t;return e&&(l="function"==typeof e?e(t):a(a({},t),e)),l},u=function(e){var t=c(e.components);return n.createElement(i.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var l=e.components,r=e.mdxType,s=e.originalType,i=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),d=c(l),m=r,h=d["".concat(i,".").concat(m)]||d[m]||p[m]||s;return l?n.createElement(h,a(a({ref:t},u),{},{components:l})):n.createElement(h,a({ref:t},u))}));function m(e,t){var l=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var s=l.length,a=new Array(s);a[0]=d;var o={};for(var i in t)hasOwnProperty.call(t,i)&&(o[i]=t[i]);o.originalType=e,o.mdxType="string"==typeof e?e:r,a[1]=o;for(var c=2;c{l.r(t),l.d(t,{assets:()=>i,contentTitle:()=>a,default:()=>p,frontMatter:()=>s,metadata:()=>o,toc:()=>c});var n=l(7462),r=(l(7294),l(3905));const s={},a="Single Cluster Install",o={unversionedId:"single-cluster-install",id:"version-0.4/single-cluster-install",title:"Single Cluster Install",description:"In this use case you have only one cluster. The cluster will run both the Fleet",source:"@site/versioned_docs/version-0.4/single-cluster-install.md",sourceDirName:".",slug:"/single-cluster-install",permalink:"/0.4/single-cluster-install",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/single-cluster-install.md",tags:[],version:"0.4",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Installation",permalink:"/0.4/installation"},next:{title:"Multi-cluster Install",permalink:"/0.4/multi-cluster-install"}},i={},c=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Helm 3",id:"helm-3",level:3},{value:"Kubernetes",id:"kubernetes",level:3},{value:"Install",id:"install",level:2}],u={toc:c};function p(e){let{components:t,...s}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,s,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"single-cluster-install"},"Single Cluster Install"),(0,r.kt)("p",null,(0,r.kt)("img",{src:l(1313).Z,width:"520",height:"279"})),(0,r.kt)("p",null,"In this use case you have only one cluster. The cluster will run both the Fleet\nmanager and the Fleet agent. The cluster will communicate with Git server to\ndeploy resources to this local cluster. This is the simplest setup and very\nuseful for dev/test and small scale setups. This use case is supported as a valid\nuse case for production."),(0,r.kt)("h2",{id:"prerequisites"},"Prerequisites"),(0,r.kt)("h3",{id:"helm-3"},"Helm 3"),(0,r.kt)("p",null,"Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is\nfairly straight forward. To install the Helm 3 CLI follow the\n",(0,r.kt)("a",{parentName:"p",href:"https://helm.sh/docs/intro/install/"},"official install instructions"),". The TL;DR is"),(0,r.kt)("p",null,"macOS"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,r.kt)("p",null,"Windows"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"choco install kubernetes-helm\n")),(0,r.kt)("h3",{id:"kubernetes"},"Kubernetes"),(0,r.kt)("p",null,"Fleet is a controller running on a Kubernetes cluster so an existing cluster is required. For the\nsingle cluster use case you will install Fleet to the cluster which you intend to manage with GitOps.\nAny Kubernetes community supported version of Kubernetes will work, in practice this means 1.15 or greater."),(0,r.kt)("h2",{id:"install"},"Install"),(0,r.kt)("p",null,"Install the following two Helm charts."),(0,r.kt)("p",null,"First install the Fleet CustomResourcesDefintions."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-crd-0.4.1.tgz\n")),(0,r.kt)("p",null,"Second install the Fleet controllers."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-0.4.1.tgz\n")),(0,r.kt)("p",null,"Fleet should be ready to use now for single cluster. You can check the status of the Fleet controller pods by\nrunning the below commands."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,r.kt)("p",null,"You can now ",(0,r.kt)("a",{parentName:"p",href:"/0.4/gitrepo-add"},"register some git repos")," in the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace to start deploying Kubernetes resources."))}p.isMDXComponent=!0},1313:(e,t,l)=>{l.d(t,{Z:()=>n});const n=l.p+"assets/images/single-cluster-72ee1a61547953f123dd741c02cd2017.png"}}]); \ No newline at end of file diff --git a/assets/js/cd323ffc.ae828115.js b/assets/js/cd323ffc.4c90cc15.js similarity index 98% rename from assets/js/cd323ffc.ae828115.js rename to assets/js/cd323ffc.4c90cc15.js index e22650aeb..6e3bebb68 100644 --- a/assets/js/cd323ffc.ae828115.js +++ b/assets/js/cd323ffc.4c90cc15.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1910],{3905:(e,t,n)=>{n.d(t,{Zo:()=>m,kt:()=>d});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),c=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},m=function(e){var t=c(e.components);return a.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},u=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,o=e.originalType,l=e.parentName,m=s(e,["components","mdxType","originalType","parentName"]),u=c(n),d=r,g=u["".concat(l,".").concat(d)]||u[d]||p[d]||o;return n?a.createElement(g,i(i({ref:t},m),{},{components:n})):a.createElement(g,i({ref:t},m))}));function d(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var o=n.length,i=new Array(o);i[0]=u;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var a=n(7462),r=(n(7294),n(3905));const o={},i="Image scan",s={unversionedId:"imagescan",id:"imagescan",title:"Image scan",description:"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,",source:"@site/docs/imagescan.md",sourceDirName:".",slug:"/imagescan",permalink:"/imagescan",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/imagescan.md",tags:[],version:"current",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Webhook",permalink:"/webhook"},next:{title:"Troubleshooting",permalink:"/troubleshooting"}},l={},c=[],m={toc:c};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},m,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"image-scan"},"Image scan"),(0,r.kt)("p",null,"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,\nwithout the need to manually update your manifests."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"This feature is considered as experimental feature.")),(0,r.kt)("p",null,"Go to ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and add the following section."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'imageScans:\n# specify the policy to retrieve images, can be semver or alphabetical order \n- policy: \n # if range is specified, it will take the latest image according to semver order in the range\n # for more details on how to use semver, see https://github.com/Masterminds/semver\n semver: \n range: "*" \n # can use ascending or descending order\n alphabetical:\n order: asc \n\n # specify images to scan\n image: "your.registry.com/repo/image" \n\n # Specify the tag name, it has to be unique in the same bundle\n tagName: test-scan\n\n # specify secret to pull image if in private registry\n secretRef:\n name: dockerhub-secret \n\n # Specify the scan interval\n interval: 5m \n')),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can create multiple image scans in fleet.yaml.")),(0,r.kt)("p",null,"Go to your manifest files and update the field that you want to replace. For example:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: redis-slave\nspec:\n selector:\n matchLabels:\n app: redis\n role: slave\n tier: backend\n replicas: 2\n template:\n metadata:\n labels:\n app: redis\n role: slave\n tier: backend\n spec:\n containers:\n - name: slave\n image: : # {"$imagescan": "test-scan"}\n resources:\n requests:\n cpu: 100m\n memory: 100Mi\n ports:\n - containerPort: 6379\n')),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"There are multiple form of tagName you can reference. For example"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan"}'),": Use full image name(foo/bar:tag)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:name"}'),": Only use image name without tag(foo/bar)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:tag"}'),": Only use image tag"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:digest"}'),": Use full image name with digest(foo/bar:",(0,r.kt)("a",{parentName:"p",href:"mailto:tag@sha256..."},"tag@sha256..."),")")),(0,r.kt)("p",null,"Create a GitRepo that includes your fleet.yaml"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-repo\n namespace: fleet-local\nspec:\n # change this to be your own repo\n repo: https://github.com/rancher/fleet-examples \n # define how long it will sync all the images and decide to apply change\n imageScanInterval: 5m \n # user must properly provide a secret that have write access to git repository\n clientSecretName: secret \n # specify the commit pattern\n imageScanCommit:\n authorName: foo\n authorEmail: foo@bar.com\n messageTemplate: "update image"\n')),(0,r.kt)("p",null,"Try pushing a new image tag, for example, ",(0,r.kt)("inlineCode",{parentName:"p"},":"),". Wait for a while and there should be a new commit pushed into your git repository to change tag in deployment.yaml.\nOnce change is made into git repository, fleet will read through the change and deploy the change into your cluster."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1910],{3905:(e,t,n)=>{n.d(t,{Zo:()=>m,kt:()=>d});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),c=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},m=function(e){var t=c(e.components);return a.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},u=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,o=e.originalType,l=e.parentName,m=s(e,["components","mdxType","originalType","parentName"]),u=c(n),d=r,g=u["".concat(l,".").concat(d)]||u[d]||p[d]||o;return n?a.createElement(g,i(i({ref:t},m),{},{components:n})):a.createElement(g,i({ref:t},m))}));function d(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var o=n.length,i=new Array(o);i[0]=u;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var a=n(7462),r=(n(7294),n(3905));const o={},i="Image scan",s={unversionedId:"imagescan",id:"imagescan",title:"Image scan",description:"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,",source:"@site/docs/imagescan.md",sourceDirName:".",slug:"/imagescan",permalink:"/imagescan",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/imagescan.md",tags:[],version:"current",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Webhook",permalink:"/webhook"},next:{title:"Troubleshooting",permalink:"/troubleshooting"}},l={},c=[],m={toc:c};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},m,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"image-scan"},"Image scan"),(0,r.kt)("p",null,"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,\nwithout the need to manually update your manifests."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"This feature is considered as experimental feature.")),(0,r.kt)("p",null,"Go to ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and add the following section."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'imageScans:\n# specify the policy to retrieve images, can be semver or alphabetical order \n- policy: \n # if range is specified, it will take the latest image according to semver order in the range\n # for more details on how to use semver, see https://github.com/Masterminds/semver\n semver: \n range: "*" \n # can use ascending or descending order\n alphabetical:\n order: asc \n\n # specify images to scan\n image: "your.registry.com/repo/image" \n\n # Specify the tag name, it has to be unique in the same bundle\n tagName: test-scan\n\n # specify secret to pull image if in private registry\n secretRef:\n name: dockerhub-secret \n\n # Specify the scan interval\n interval: 5m \n')),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can create multiple image scans in fleet.yaml.")),(0,r.kt)("p",null,"Go to your manifest files and update the field that you want to replace. For example:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: redis-slave\nspec:\n selector:\n matchLabels:\n app: redis\n role: slave\n tier: backend\n replicas: 2\n template:\n metadata:\n labels:\n app: redis\n role: slave\n tier: backend\n spec:\n containers:\n - name: slave\n image: : # {"$imagescan": "test-scan"}\n resources:\n requests:\n cpu: 100m\n memory: 100Mi\n ports:\n - containerPort: 6379\n')),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"There are multiple form of tagName you can reference. For example"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan"}'),": Use full image name(foo/bar:tag)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:name"}'),": Only use image name without tag(foo/bar)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:tag"}'),": Only use image tag"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:digest"}'),": Use full image name with digest(foo/bar:",(0,r.kt)("a",{parentName:"p",href:"mailto:tag@sha256..."},"tag@sha256..."),")")),(0,r.kt)("p",null,"Create a GitRepo that includes your fleet.yaml"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-repo\n namespace: fleet-local\nspec:\n # change this to be your own repo\n repo: https://github.com/rancher/fleet-examples \n # define how long it will sync all the images and decide to apply change\n imageScanInterval: 5m \n # user must properly provide a secret that have write access to git repository\n clientSecretName: secret \n # specify the commit pattern\n imageScanCommit:\n authorName: foo\n authorEmail: foo@bar.com\n messageTemplate: "update image"\n')),(0,r.kt)("p",null,"Try pushing a new image tag, for example, ",(0,r.kt)("inlineCode",{parentName:"p"},":"),". Wait for a while and there should be a new commit pushed into your git repository to change tag in deployment.yaml.\nOnce change is made into git repository, fleet will read through the change and deploy the change into your cluster."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/d162992c.b9d512be.js b/assets/js/d162992c.ebe773a2.js similarity index 98% rename from assets/js/d162992c.b9d512be.js rename to assets/js/d162992c.ebe773a2.js index 87850c05a..0dd30402b 100644 --- a/assets/js/d162992c.b9d512be.js +++ b/assets/js/d162992c.ebe773a2.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6098],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),c=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=c(e.components);return a.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,i=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(n),m=r,k=d["".concat(l,".").concat(m)]||d[m]||p[m]||i;return n?a.createElement(k,o(o({ref:t},u),{},{components:n})):a.createElement(k,o({ref:t},u))}));function m(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=n.length,o=new Array(i);o[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,o[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>s,toc:()=>c});var a=n(7462),r=(n(7294),n(3905));const i={},o="Cluster Registration Tokens",s={unversionedId:"cluster-tokens",id:"cluster-tokens",title:"Cluster Registration Tokens",description:"Not needed for Manager initiated registration:",source:"@site/docs/cluster-tokens.md",sourceDirName:".",slug:"/cluster-tokens",permalink:"/cluster-tokens",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cluster-tokens.md",tags:[],version:"current",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Overview",permalink:"/cluster-overview"},next:{title:"Agent Initiated",permalink:"/agent-initiated"}},l={},c=[{value:"Token TTL",id:"token-ttl",level:2},{value:"Create a new Token",id:"create-a-new-token",level:2},{value:"Obtaining Token Value (Agent values.yaml)",id:"obtaining-token-value-agent-valuesyaml",level:2}],u={toc:c};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"cluster-registration-tokens"},"Cluster Registration Tokens"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Not needed for Manager initiated registration"),":\nFor manager initiated registrations the token is managed by the Fleet manager and does\nnot need to be manually created and obtained.")),(0,r.kt)("p",null,"For an agent initiated registration the downstream cluster must have a cluster registration token.\nCluster registration tokens are used to establish a new identity for a cluster. Internally\ncluster registration tokens are managed by creating Kubernetes service accounts that have the\npermissions to create ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationRequests")," within a specific namespace. Once the\ncluster is registered a new ",(0,r.kt)("inlineCode",{parentName:"p"},"ServiceAccount")," is created for that cluster that is used as\nthe unique identity of the cluster. The agent is designed to forget the cluster registration\ntoken after registration. While the agent will not maintain a reference to the cluster registration\ntoken after a successful registration please note that usually other system bootstrap scripts do."),(0,r.kt)("p",null,"Since the cluster registration token is forgotten, if you need to re-register a cluster you must\ngive the cluster a new registration token."),(0,r.kt)("h2",{id:"token-ttl"},"Token TTL"),(0,r.kt)("p",null,"Cluster registration tokens can be reused by any cluster in a namespace. The tokens can be given a TTL\nsuch that it will expire after a specific time."),(0,r.kt)("h2",{id:"create-a-new-token"},"Create a new Token"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistationToken")," is a namespaced type and should be created in the same namespace\nin which you will create ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resources. For in depth details on how namespaces\nare used in Fleet refer to the documentation on ",(0,r.kt)("a",{parentName:"p",href:"/namespaces"},"namespaces"),". Create a new\ntoken with the below YAML."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: ClusterRegistrationToken\napiVersion: "fleet.cattle.io/v1alpha1"\nmetadata:\n name: new-token\n namespace: clusters\nspec:\n # A duration string for how long this token is valid for. A value <= 0 or null means infinite time.\n ttl: 240h\n')),(0,r.kt)("p",null,"After the ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationToken")," is created, Fleet will create a corresponding ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," with the same name.\nAs the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," creation is performed asynchronously, you will need to wait until it's available before using it."),(0,r.kt)("p",null,"One way to do so is via the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"while ! kubectl --namespace=clusters get secret new-token; do sleep 5; done\n")),(0,r.kt)("h2",{id:"obtaining-token-value-agent-valuesyaml"},"Obtaining Token Value (Agent values.yaml)"),(0,r.kt)("p",null,"The token value contains YAML content for a ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that is expected to be passed to ",(0,r.kt)("inlineCode",{parentName:"p"},"helm install"),"\nto install the Fleet agent on a downstream cluster."),(0,r.kt)("p",null,"Such value is contained in the ",(0,r.kt)("inlineCode",{parentName:"p"},"values")," field of the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," mentioned above. To obtain the YAML content for the\nabove example one can run the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml\n")),(0,r.kt)("p",null,"Once the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," is ready it can be used repeatedly by clusters to register until the TTL expires."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6098],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),c=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=c(e.components);return a.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,i=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(n),m=r,k=d["".concat(l,".").concat(m)]||d[m]||p[m]||i;return n?a.createElement(k,o(o({ref:t},u),{},{components:n})):a.createElement(k,o({ref:t},u))}));function m(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=n.length,o=new Array(i);o[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,o[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>s,toc:()=>c});var a=n(7462),r=(n(7294),n(3905));const i={},o="Cluster Registration Tokens",s={unversionedId:"cluster-tokens",id:"cluster-tokens",title:"Cluster Registration Tokens",description:"Not needed for Manager initiated registration:",source:"@site/docs/cluster-tokens.md",sourceDirName:".",slug:"/cluster-tokens",permalink:"/cluster-tokens",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cluster-tokens.md",tags:[],version:"current",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Overview",permalink:"/cluster-overview"},next:{title:"Agent Initiated",permalink:"/agent-initiated"}},l={},c=[{value:"Token TTL",id:"token-ttl",level:2},{value:"Create a new Token",id:"create-a-new-token",level:2},{value:"Obtaining Token Value (Agent values.yaml)",id:"obtaining-token-value-agent-valuesyaml",level:2}],u={toc:c};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"cluster-registration-tokens"},"Cluster Registration Tokens"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Not needed for Manager initiated registration"),":\nFor manager initiated registrations the token is managed by the Fleet manager and does\nnot need to be manually created and obtained.")),(0,r.kt)("p",null,"For an agent initiated registration the downstream cluster must have a cluster registration token.\nCluster registration tokens are used to establish a new identity for a cluster. Internally\ncluster registration tokens are managed by creating Kubernetes service accounts that have the\npermissions to create ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationRequests")," within a specific namespace. Once the\ncluster is registered a new ",(0,r.kt)("inlineCode",{parentName:"p"},"ServiceAccount")," is created for that cluster that is used as\nthe unique identity of the cluster. The agent is designed to forget the cluster registration\ntoken after registration. While the agent will not maintain a reference to the cluster registration\ntoken after a successful registration please note that usually other system bootstrap scripts do."),(0,r.kt)("p",null,"Since the cluster registration token is forgotten, if you need to re-register a cluster you must\ngive the cluster a new registration token."),(0,r.kt)("h2",{id:"token-ttl"},"Token TTL"),(0,r.kt)("p",null,"Cluster registration tokens can be reused by any cluster in a namespace. The tokens can be given a TTL\nsuch that it will expire after a specific time."),(0,r.kt)("h2",{id:"create-a-new-token"},"Create a new Token"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistationToken")," is a namespaced type and should be created in the same namespace\nin which you will create ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resources. For in depth details on how namespaces\nare used in Fleet refer to the documentation on ",(0,r.kt)("a",{parentName:"p",href:"/namespaces"},"namespaces"),". Create a new\ntoken with the below YAML."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: ClusterRegistrationToken\napiVersion: "fleet.cattle.io/v1alpha1"\nmetadata:\n name: new-token\n namespace: clusters\nspec:\n # A duration string for how long this token is valid for. A value <= 0 or null means infinite time.\n ttl: 240h\n')),(0,r.kt)("p",null,"After the ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationToken")," is created, Fleet will create a corresponding ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," with the same name.\nAs the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," creation is performed asynchronously, you will need to wait until it's available before using it."),(0,r.kt)("p",null,"One way to do so is via the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"while ! kubectl --namespace=clusters get secret new-token; do sleep 5; done\n")),(0,r.kt)("h2",{id:"obtaining-token-value-agent-valuesyaml"},"Obtaining Token Value (Agent values.yaml)"),(0,r.kt)("p",null,"The token value contains YAML content for a ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that is expected to be passed to ",(0,r.kt)("inlineCode",{parentName:"p"},"helm install"),"\nto install the Fleet agent on a downstream cluster."),(0,r.kt)("p",null,"Such value is contained in the ",(0,r.kt)("inlineCode",{parentName:"p"},"values")," field of the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," mentioned above. To obtain the YAML content for the\nabove example one can run the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml\n")),(0,r.kt)("p",null,"Once the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," is ready it can be used repeatedly by clusters to register until the TTL expires."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/d3d9887a.2d5d96ae.js b/assets/js/d3d9887a.ea8deade.js similarity index 99% rename from assets/js/d3d9887a.2d5d96ae.js rename to assets/js/d3d9887a.ea8deade.js index bf6b6b686..021369eab 100644 --- a/assets/js/d3d9887a.2d5d96ae.js +++ b/assets/js/d3d9887a.ea8deade.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3714],{3905:(e,t,a)=>{a.d(t,{Zo:()=>u,kt:()=>m});var n=a(7294);function r(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function l(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function o(e){for(var t=1;t=0||(r[a]=e[a]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(r[a]=e[a])}return r}var s=n.createContext({}),p=function(e){var t=n.useContext(s),a=t;return e&&(a="function"==typeof e?e(t):o(o({},t),e)),a},u=function(e){var t=p(e.components);return n.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},c=n.forwardRef((function(e,t){var a=e.components,r=e.mdxType,l=e.originalType,s=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),c=p(a),m=r,h=c["".concat(s,".").concat(m)]||c[m]||d[m]||l;return a?n.createElement(h,o(o({ref:t},u),{},{components:a})):n.createElement(h,o({ref:t},u))}));function m(e,t){var a=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=a.length,o=new Array(l);o[0]=c;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:r,o[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var n=a(7462),r=(a(7294),a(3905));const l={},o="Expected Repo Structure",i={unversionedId:"gitrepo-structure",id:"version-0.5/gitrepo-structure",title:"Expected Repo Structure",description:"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a fleet.yaml is found.",source:"@site/versioned_docs/version-0.5/gitrepo-structure.md",sourceDirName:".",slug:"/gitrepo-structure",permalink:"/0.5/gitrepo-structure",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/gitrepo-structure.md",tags:[],version:"0.5",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Adding a GitRepo",permalink:"/0.5/gitrepo-add"},next:{title:"Mapping to Downstream Clusters",permalink:"/0.5/gitrepo-targets"}},s={},p=[{value:"How repos are scanned",id:"how-repos-are-scanned",level:2},{value:"fleet.yaml",id:"fleetyaml",level:2},{value:"Reference",id:"reference",level:3},{value:"Private Helm Repositories",id:"private-helm-repositories",level:3},{value:"Using ValuesFrom",id:"using-valuesfrom",level:3},{value:"Per Cluster Customization",id:"per-cluster-customization",level:2},{value:"Raw YAML Resource Customization",id:"raw-yaml-resource-customization",level:2},{value:"Cluster and Bundle state",id:"cluster-and-bundle-state",level:2}],u={toc:p};function d(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"expected-repo-structure"},"Expected Repo Structure"),(0,r.kt)("p",null,"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is found."),(0,r.kt)("p",null,"Each bundle is created from paths in a GitRepo and modified further by reading the discovered ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file.\nBundle lifecycles are tracked between releases by the helm releaseName field added to each bundle. If the releaseName is not\nspecified within fleet.yaml it is generated from ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo.name + path"),". Long names are truncated and a ",(0,r.kt)("inlineCode",{parentName:"p"},"-")," prefix is added."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"The git repository has no explicitly required structure.")," It is important\nto realize the scanned resources will be saved as a resource in Kubernetes so\nyou want to make sure the directories you are scanning in git do not contain\narbitrarily large resources. Right now there is a limitation that the resources\ndeployed must ",(0,r.kt)("strong",{parentName:"p"},"gzip to less than 1MB"),"."),(0,r.kt)("h2",{id:"how-repos-are-scanned"},"How repos are scanned"),(0,r.kt)("p",null,"Multiple paths can be defined for a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and each path is scanned independently.\nInternally each scanned path will become a ",(0,r.kt)("a",{parentName:"p",href:"/0.5/concepts"},"bundle")," that Fleet will manage,\ndeploy, and monitor independently."),(0,r.kt)("p",null,"The following files are looked for to determine the how the resources will be deployed."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"File"),(0,r.kt)("th",{parentName:"tr",align:null},"Location"),(0,r.kt)("th",{parentName:"tr",align:null},"Meaning"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"Chart.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed as a Helm chart. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"kustomization.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed using Kustomize. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If any fleet.yaml is found a new ",(0,r.kt)("a",{parentName:"td",href:"/0.5/concepts"},"bundle")," will be defined. This allows mixing charts, kustomize, and raw YAML in the same repo")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"}," *.yaml ")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If a ",(0,r.kt)("inlineCode",{parentName:"td"},"Chart.yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},"kustomization.yaml")," is not found then any ",(0,r.kt)("inlineCode",{parentName:"td"},".yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},".yml")," file will be assumed to be a Kubernetes resource and will be deployed.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"overlays/{name}")),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")),(0,r.kt)("td",{parentName:"tr",align:null},"When deploying using raw YAML (not Kustomize or Helm) ",(0,r.kt)("inlineCode",{parentName:"td"},"overlays")," is a special directory for customizations.")))),(0,r.kt)("h2",{id:"fleetyaml"},(0,r.kt)("inlineCode",{parentName:"h2"},"fleet.yaml")),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is an optional file that can be included in the git repository to change the behavior of how\nthe resources are deployed and customized. The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is always at the root relative to the ",(0,r.kt)("inlineCode",{parentName:"p"},"path")," of the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),"\nand if a subdirectory is found with a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," a new ",(0,r.kt)("a",{parentName:"p",href:"/0.5/concepts"},"bundle")," is defined that will then be\nconfigured differently from the parent bundle."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Helm chart dependencies"),":\nIt is up to the user to fulfill the dependency list for the Helm charts. As such, you must manually run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies update $chart")," OR run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies build $chart")," prior to install. See the ",(0,r.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/#helm-chart-dependencies"},"Fleet docs")," in Rancher for more information.")),(0,r.kt)("h3",{id:"reference"},"Reference"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"How changes are applied to ",(0,r.kt)("inlineCode",{parentName:"strong"},"values.yaml")),":"),(0,r.kt)("ul",{parentName:"admonition"},(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"Note that the most recently applied changes to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," will override any previously existing values.")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"When changes are applied to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," from multiple sources at the same time, the values will update in the following order: ",(0,r.kt)("inlineCode",{parentName:"p"},"helmValues")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFiles")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFrom"),".")))),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'# The default namespace to be applied to resources. This field is not used to\n# enforce or lock down the deployment to a specific namespace, but instead\n# provide the default value of the namespace field if one is not specified\n# in the manifests.\n# Default: default\ndefaultNamespace: default\n\n# All resources will be assigned to this namespace and if any cluster scoped\n# resource exists the deployment will fail.\n# Default: ""\nnamespace: default\n\nkustomize:\n # Use a custom folder for kustomize resources. This folder must contain\n # a kustomization.yaml file.\n dir: ./kustomize\n\nhelm:\n # Use a custom location for the Helm chart. This can refer to any go-getter URL or\n # OCI registry based helm chart URL e.g. "oci://ghcr.io/fleetrepoci/guestbook".\n # This allows one to download charts from most any location. Also know that\n # go-getter URL supports adding a digest to validate the download. If repo\n # is set below this field is the name of the chart to lookup\n chart: ./chart\n # A https URL to a Helm repo to download the chart from. It\'s typically easier\n # to just use `chart` field and refer to a tgz file. If repo is used the\n # value of `chart` will be used as the chart name to lookup in the Helm repository.\n repo: https://charts.rancher.io\n # A custom release name to deploy the chart as. If not specified a release name\n # will be generated by combining the invoking GitRepo.name + GitRepo.path.\n releaseName: my-release\n # The version of the chart or semver constraint of the chart to find. If a constraint\n # is specified it is evaluated each time git changes.\n # The version also determines which chart to download from OCI registries.\n version: 0.1.0\n # Any values that should be placed in the `values.yaml` and passed to helm during\n # install.\n values:\n any-custom: value\n # All labels on Rancher clusters are available using global.fleet.clusterLabels.LABELNAME\n # These can now be accessed directly as variables\n variableName: global.fleet.clusterLabels.LABELNAME\n # Path to any values files that need to be passed to helm during install\n valuesFiles:\n - values1.yaml\n - values2.yaml\n # Allow to use values files from configmaps or secrets\n valuesFrom:\n - configMapKeyRef:\n name: configmap-values\n # default to namespace of bundle\n namespace: default \n key: values.yaml\n secretKeyRef:\n name: secret-values\n namespace: default\n key: values.yaml\n # Override immutable resources. This could be dangerous.\n force: false\n # Set the Helm --atomic flag when upgrading\n atomic: false\n\n# A paused bundle will not update downstream clusters but instead mark the bundle\n# as OutOfSync. One can then manually confirm that a bundle should be deployed to\n# the downstream clusters.\n# Default: false\npaused: false\n\nrolloutStrategy:\n # A number or percentage of clusters that can be unavailable during an update\n # of a bundle. This follows the same basic approach as a deployment rollout\n # strategy. Once the number of clusters meets unavailable state update will be\n # paused. Default value is 100% which doesn\'t take effect on update.\n # default: 100%\n maxUnavailable: 15%\n # A number or percentage of cluster partitions that can be unavailable during\n # an update of a bundle.\n # default: 0\n maxUnavailablePartitions: 20%\n # A number of percentage of how to automatically partition clusters if not\n # specific partitioning strategy is configured.\n # default: 25%\n autoPartitionSize: 10%\n # A list of definitions of partitions. If any target clusters do not match\n # the configuration they are added to partitions at the end following the\n # autoPartitionSize.\n partitions:\n # A user friend name given to the partition used for Display (optional).\n # default: ""\n - name: canary\n # A number or percentage of clusters that can be unavailable in this\n # partition before this partition is treated as done.\n # default: 10%\n maxUnavailable: 10%\n # Selector matching cluster labels to include in this partition\n clusterSelector:\n matchLabels:\n env: prod\n # A cluster group name to include in this partition\n clusterGroup: agroup\n # Selector matching cluster group labels to include in this partition\n clusterGroupSelector: agroup\n \n# Target customization are used to determine how resources should be modified per target\n# Targets are evaluated in order and the first one to match a cluster is used for that cluster.\ntargetCustomizations:\n# The name of target. If not specified a default name of the format "target000"\n# will be used. This value is mostly for display\n- name: prod\n # Custom namespace value overriding the value at the root\n namespace: newvalue\n # Custom defaultNamespace value overriding the value at the root\n defaultNamespace: newdefaultvalue\n # Custom kustomize options overriding the options at the root\n kustomize: {}\n # Custom Helm options override the options at the root\n helm: {}\n # If using raw YAML these are names that map to overlays/{name} that will be used\n # to replace or patch a resource. If you wish to customize the file ./subdir/resource.yaml\n # then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file.\n # A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.\n # A patch can in JSON Patch or JSON Merge format or a strategic merge patch for builtin\n # Kubernetes types. Refer to "Raw YAML Resource Customization" below for more information.\n yaml:\n overlays:\n - custom2\n - custom3\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match a specific cluster by name. \n clusterName: dev-cluster \n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n\n# dependsOn allows you to configure dependencies to other bundles. The current bundle\n# will only be deployed, after all dependencies are deployed and in a Ready state.\ndependsOn:\n # Format: - with all path separators replaced by "-"\n # Example: GitRepo name "one", Bundle path "/multi-cluster/hello-world" => "one-multi-cluster-hello-world"\n - name: one-multi-cluster-hello-world\n')),(0,r.kt)("h3",{id:"private-helm-repositories"},"Private Helm Repositories"),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret from the git repo resource.\nSee ",(0,r.kt)("a",{parentName:"p",href:"gitrepo-add#using-private-helm-repositories"},"Using Private Helm Repositories")," for more information."),(0,r.kt)("h3",{id:"using-valuesfrom"},"Using ValuesFrom"),(0,r.kt)("p",null,"These examples showcase the style and format for using ",(0,r.kt)("inlineCode",{parentName:"p"},"valuesFrom"),". ConfigMaps and Secrets should be created in downstream clusters."),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/configmap/"},"ConfigMap"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: configmap-values\n namespace: default\ndata: \n values.yaml: |-\n replication: true\n replicas: 2\n serviceType: NodePort\n")),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/secret/"},"Secret"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: secret-values\n namespace: default\nstringData:\n values.yaml: |-\n replication: true\n replicas: 2\n serviceType: NodePort\n")),(0,r.kt)("h2",{id:"per-cluster-customization"},"Per Cluster Customization"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," defines which clusters a git repository should be deployed to and the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in the repository\ndetermines how the resources are customized per target."),(0,r.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets of that\n",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),". The targets list is evaluated one by one and if there is a match the resource will be deployed to the cluster.\nIf no match is made against the target list on the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the resources will not be deployed to that cluster.\nOnce a target cluster is matched the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," from the git repository is then consulted for customizations. The\n",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations")," in the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," will be evaluated one by one and the first match will define how the\nresource is to be configured. If no match is made the resources will be deployed with no additional customizations."),(0,r.kt)("p",null,"There are three approaches to matching clusters for both ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targets")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations"),'.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,r.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,r.kt)("h2",{id:"raw-yaml-resource-customization"},"Raw YAML Resource Customization"),(0,r.kt)("p",null,"When using Kustomize or Helm the ",(0,r.kt)("inlineCode",{parentName:"p"},"kustomization.yaml")," or the ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.values")," will control how the resource are\ncustomized per target cluster. If you are using raw YAML then the following simple mechanism is built-in and can\nbe used. The ",(0,r.kt)("inlineCode",{parentName:"p"},"overlays/")," folder in the git repo is treated specially as folder containing folders that\ncan be selected to overlay on top per target cluster. The resource overlay content\nuses a file name based approach. This is different from kustomize which uses a resource based approach. In kustomize\nthe resource Group, Kind, Version, Name, and Namespace identify resources and are then merged or patched. For Fleet\nthe overlay resources will override or patch content with a matching file name."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"# Base files\ndeployment.yaml\nsvc.yaml\n\n# Overlay files\n\n# The following file we be added\noverlays/custom/configmap.yaml\n# The following file will replace svc.yaml\noverlays/custom/svc.yaml\n# The following file will patch deployment.yaml\noverlays/custom/deployment_patch.yaml\n")),(0,r.kt)("p",null,"A file named ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," will replace a file called ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," from the base resources or a previous overlay. In order to patch\nthe contents a file the convention of adding ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch.")," (notice the trailing period) to the filename is used. The string ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch."),"\nwill be replaced with ",(0,r.kt)("inlineCode",{parentName:"p"},".")," from the file name and that will be used as the target. For example ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment_patch.yaml"),"\nwill target ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment.yaml"),". The patch will be applied using JSON Merge, Strategic Merge Patch, or JSON Patch.\nWhich strategy is used is based on the file content. Even though JSON strategies are used, the files can be written\nusing YAML syntax."),(0,r.kt)("h2",{id:"cluster-and-bundle-state"},"Cluster and Bundle state"),(0,r.kt)("p",null,"See ",(0,r.kt)("a",{parentName:"p",href:"/0.5/cluster-bundles-state"},"Cluster and Bundle state"),"."))}d.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3714],{3905:(e,t,a)=>{a.d(t,{Zo:()=>u,kt:()=>m});var n=a(7294);function r(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function l(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function o(e){for(var t=1;t=0||(r[a]=e[a]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(r[a]=e[a])}return r}var s=n.createContext({}),p=function(e){var t=n.useContext(s),a=t;return e&&(a="function"==typeof e?e(t):o(o({},t),e)),a},u=function(e){var t=p(e.components);return n.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},c=n.forwardRef((function(e,t){var a=e.components,r=e.mdxType,l=e.originalType,s=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),c=p(a),m=r,h=c["".concat(s,".").concat(m)]||c[m]||d[m]||l;return a?n.createElement(h,o(o({ref:t},u),{},{components:a})):n.createElement(h,o({ref:t},u))}));function m(e,t){var a=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=a.length,o=new Array(l);o[0]=c;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:r,o[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var n=a(7462),r=(a(7294),a(3905));const l={},o="Expected Repo Structure",i={unversionedId:"gitrepo-structure",id:"version-0.5/gitrepo-structure",title:"Expected Repo Structure",description:"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a fleet.yaml is found.",source:"@site/versioned_docs/version-0.5/gitrepo-structure.md",sourceDirName:".",slug:"/gitrepo-structure",permalink:"/0.5/gitrepo-structure",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/gitrepo-structure.md",tags:[],version:"0.5",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Adding a GitRepo",permalink:"/0.5/gitrepo-add"},next:{title:"Mapping to Downstream Clusters",permalink:"/0.5/gitrepo-targets"}},s={},p=[{value:"How repos are scanned",id:"how-repos-are-scanned",level:2},{value:"fleet.yaml",id:"fleetyaml",level:2},{value:"Reference",id:"reference",level:3},{value:"Private Helm Repositories",id:"private-helm-repositories",level:3},{value:"Using ValuesFrom",id:"using-valuesfrom",level:3},{value:"Per Cluster Customization",id:"per-cluster-customization",level:2},{value:"Raw YAML Resource Customization",id:"raw-yaml-resource-customization",level:2},{value:"Cluster and Bundle state",id:"cluster-and-bundle-state",level:2}],u={toc:p};function d(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"expected-repo-structure"},"Expected Repo Structure"),(0,r.kt)("p",null,"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is found."),(0,r.kt)("p",null,"Each bundle is created from paths in a GitRepo and modified further by reading the discovered ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file.\nBundle lifecycles are tracked between releases by the helm releaseName field added to each bundle. If the releaseName is not\nspecified within fleet.yaml it is generated from ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo.name + path"),". Long names are truncated and a ",(0,r.kt)("inlineCode",{parentName:"p"},"-")," prefix is added."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"The git repository has no explicitly required structure.")," It is important\nto realize the scanned resources will be saved as a resource in Kubernetes so\nyou want to make sure the directories you are scanning in git do not contain\narbitrarily large resources. Right now there is a limitation that the resources\ndeployed must ",(0,r.kt)("strong",{parentName:"p"},"gzip to less than 1MB"),"."),(0,r.kt)("h2",{id:"how-repos-are-scanned"},"How repos are scanned"),(0,r.kt)("p",null,"Multiple paths can be defined for a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and each path is scanned independently.\nInternally each scanned path will become a ",(0,r.kt)("a",{parentName:"p",href:"/0.5/concepts"},"bundle")," that Fleet will manage,\ndeploy, and monitor independently."),(0,r.kt)("p",null,"The following files are looked for to determine the how the resources will be deployed."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"File"),(0,r.kt)("th",{parentName:"tr",align:null},"Location"),(0,r.kt)("th",{parentName:"tr",align:null},"Meaning"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"Chart.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed as a Helm chart. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"kustomization.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed using Kustomize. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If any fleet.yaml is found a new ",(0,r.kt)("a",{parentName:"td",href:"/0.5/concepts"},"bundle")," will be defined. This allows mixing charts, kustomize, and raw YAML in the same repo")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"}," *.yaml ")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If a ",(0,r.kt)("inlineCode",{parentName:"td"},"Chart.yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},"kustomization.yaml")," is not found then any ",(0,r.kt)("inlineCode",{parentName:"td"},".yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},".yml")," file will be assumed to be a Kubernetes resource and will be deployed.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"overlays/{name}")),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")),(0,r.kt)("td",{parentName:"tr",align:null},"When deploying using raw YAML (not Kustomize or Helm) ",(0,r.kt)("inlineCode",{parentName:"td"},"overlays")," is a special directory for customizations.")))),(0,r.kt)("h2",{id:"fleetyaml"},(0,r.kt)("inlineCode",{parentName:"h2"},"fleet.yaml")),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is an optional file that can be included in the git repository to change the behavior of how\nthe resources are deployed and customized. The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is always at the root relative to the ",(0,r.kt)("inlineCode",{parentName:"p"},"path")," of the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),"\nand if a subdirectory is found with a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," a new ",(0,r.kt)("a",{parentName:"p",href:"/0.5/concepts"},"bundle")," is defined that will then be\nconfigured differently from the parent bundle."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Helm chart dependencies"),":\nIt is up to the user to fulfill the dependency list for the Helm charts. As such, you must manually run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies update $chart")," OR run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies build $chart")," prior to install. See the ",(0,r.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/#helm-chart-dependencies"},"Fleet docs")," in Rancher for more information.")),(0,r.kt)("h3",{id:"reference"},"Reference"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"How changes are applied to ",(0,r.kt)("inlineCode",{parentName:"strong"},"values.yaml")),":"),(0,r.kt)("ul",{parentName:"admonition"},(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"Note that the most recently applied changes to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," will override any previously existing values.")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"When changes are applied to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," from multiple sources at the same time, the values will update in the following order: ",(0,r.kt)("inlineCode",{parentName:"p"},"helmValues")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFiles")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFrom"),".")))),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'# The default namespace to be applied to resources. This field is not used to\n# enforce or lock down the deployment to a specific namespace, but instead\n# provide the default value of the namespace field if one is not specified\n# in the manifests.\n# Default: default\ndefaultNamespace: default\n\n# All resources will be assigned to this namespace and if any cluster scoped\n# resource exists the deployment will fail.\n# Default: ""\nnamespace: default\n\nkustomize:\n # Use a custom folder for kustomize resources. This folder must contain\n # a kustomization.yaml file.\n dir: ./kustomize\n\nhelm:\n # Use a custom location for the Helm chart. This can refer to any go-getter URL or\n # OCI registry based helm chart URL e.g. "oci://ghcr.io/fleetrepoci/guestbook".\n # This allows one to download charts from most any location. Also know that\n # go-getter URL supports adding a digest to validate the download. If repo\n # is set below this field is the name of the chart to lookup\n chart: ./chart\n # A https URL to a Helm repo to download the chart from. It\'s typically easier\n # to just use `chart` field and refer to a tgz file. If repo is used the\n # value of `chart` will be used as the chart name to lookup in the Helm repository.\n repo: https://charts.rancher.io\n # A custom release name to deploy the chart as. If not specified a release name\n # will be generated by combining the invoking GitRepo.name + GitRepo.path.\n releaseName: my-release\n # The version of the chart or semver constraint of the chart to find. If a constraint\n # is specified it is evaluated each time git changes.\n # The version also determines which chart to download from OCI registries.\n version: 0.1.0\n # Any values that should be placed in the `values.yaml` and passed to helm during\n # install.\n values:\n any-custom: value\n # All labels on Rancher clusters are available using global.fleet.clusterLabels.LABELNAME\n # These can now be accessed directly as variables\n variableName: global.fleet.clusterLabels.LABELNAME\n # Path to any values files that need to be passed to helm during install\n valuesFiles:\n - values1.yaml\n - values2.yaml\n # Allow to use values files from configmaps or secrets\n valuesFrom:\n - configMapKeyRef:\n name: configmap-values\n # default to namespace of bundle\n namespace: default \n key: values.yaml\n secretKeyRef:\n name: secret-values\n namespace: default\n key: values.yaml\n # Override immutable resources. This could be dangerous.\n force: false\n # Set the Helm --atomic flag when upgrading\n atomic: false\n\n# A paused bundle will not update downstream clusters but instead mark the bundle\n# as OutOfSync. One can then manually confirm that a bundle should be deployed to\n# the downstream clusters.\n# Default: false\npaused: false\n\nrolloutStrategy:\n # A number or percentage of clusters that can be unavailable during an update\n # of a bundle. This follows the same basic approach as a deployment rollout\n # strategy. Once the number of clusters meets unavailable state update will be\n # paused. Default value is 100% which doesn\'t take effect on update.\n # default: 100%\n maxUnavailable: 15%\n # A number or percentage of cluster partitions that can be unavailable during\n # an update of a bundle.\n # default: 0\n maxUnavailablePartitions: 20%\n # A number of percentage of how to automatically partition clusters if not\n # specific partitioning strategy is configured.\n # default: 25%\n autoPartitionSize: 10%\n # A list of definitions of partitions. If any target clusters do not match\n # the configuration they are added to partitions at the end following the\n # autoPartitionSize.\n partitions:\n # A user friend name given to the partition used for Display (optional).\n # default: ""\n - name: canary\n # A number or percentage of clusters that can be unavailable in this\n # partition before this partition is treated as done.\n # default: 10%\n maxUnavailable: 10%\n # Selector matching cluster labels to include in this partition\n clusterSelector:\n matchLabels:\n env: prod\n # A cluster group name to include in this partition\n clusterGroup: agroup\n # Selector matching cluster group labels to include in this partition\n clusterGroupSelector: agroup\n \n# Target customization are used to determine how resources should be modified per target\n# Targets are evaluated in order and the first one to match a cluster is used for that cluster.\ntargetCustomizations:\n# The name of target. If not specified a default name of the format "target000"\n# will be used. This value is mostly for display\n- name: prod\n # Custom namespace value overriding the value at the root\n namespace: newvalue\n # Custom defaultNamespace value overriding the value at the root\n defaultNamespace: newdefaultvalue\n # Custom kustomize options overriding the options at the root\n kustomize: {}\n # Custom Helm options override the options at the root\n helm: {}\n # If using raw YAML these are names that map to overlays/{name} that will be used\n # to replace or patch a resource. If you wish to customize the file ./subdir/resource.yaml\n # then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file.\n # A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.\n # A patch can in JSON Patch or JSON Merge format or a strategic merge patch for builtin\n # Kubernetes types. Refer to "Raw YAML Resource Customization" below for more information.\n yaml:\n overlays:\n - custom2\n - custom3\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match a specific cluster by name. \n clusterName: dev-cluster \n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n\n# dependsOn allows you to configure dependencies to other bundles. The current bundle\n# will only be deployed, after all dependencies are deployed and in a Ready state.\ndependsOn:\n # Format: - with all path separators replaced by "-"\n # Example: GitRepo name "one", Bundle path "/multi-cluster/hello-world" => "one-multi-cluster-hello-world"\n - name: one-multi-cluster-hello-world\n')),(0,r.kt)("h3",{id:"private-helm-repositories"},"Private Helm Repositories"),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret from the git repo resource.\nSee ",(0,r.kt)("a",{parentName:"p",href:"gitrepo-add#using-private-helm-repositories"},"Using Private Helm Repositories")," for more information."),(0,r.kt)("h3",{id:"using-valuesfrom"},"Using ValuesFrom"),(0,r.kt)("p",null,"These examples showcase the style and format for using ",(0,r.kt)("inlineCode",{parentName:"p"},"valuesFrom"),". ConfigMaps and Secrets should be created in downstream clusters."),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/configmap/"},"ConfigMap"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: configmap-values\n namespace: default\ndata: \n values.yaml: |-\n replication: true\n replicas: 2\n serviceType: NodePort\n")),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/secret/"},"Secret"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: secret-values\n namespace: default\nstringData:\n values.yaml: |-\n replication: true\n replicas: 2\n serviceType: NodePort\n")),(0,r.kt)("h2",{id:"per-cluster-customization"},"Per Cluster Customization"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," defines which clusters a git repository should be deployed to and the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in the repository\ndetermines how the resources are customized per target."),(0,r.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets of that\n",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),". The targets list is evaluated one by one and if there is a match the resource will be deployed to the cluster.\nIf no match is made against the target list on the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the resources will not be deployed to that cluster.\nOnce a target cluster is matched the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," from the git repository is then consulted for customizations. The\n",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations")," in the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," will be evaluated one by one and the first match will define how the\nresource is to be configured. If no match is made the resources will be deployed with no additional customizations."),(0,r.kt)("p",null,"There are three approaches to matching clusters for both ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targets")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations"),'.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,r.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,r.kt)("h2",{id:"raw-yaml-resource-customization"},"Raw YAML Resource Customization"),(0,r.kt)("p",null,"When using Kustomize or Helm the ",(0,r.kt)("inlineCode",{parentName:"p"},"kustomization.yaml")," or the ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.values")," will control how the resource are\ncustomized per target cluster. If you are using raw YAML then the following simple mechanism is built-in and can\nbe used. The ",(0,r.kt)("inlineCode",{parentName:"p"},"overlays/")," folder in the git repo is treated specially as folder containing folders that\ncan be selected to overlay on top per target cluster. The resource overlay content\nuses a file name based approach. This is different from kustomize which uses a resource based approach. In kustomize\nthe resource Group, Kind, Version, Name, and Namespace identify resources and are then merged or patched. For Fleet\nthe overlay resources will override or patch content with a matching file name."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"# Base files\ndeployment.yaml\nsvc.yaml\n\n# Overlay files\n\n# The following file we be added\noverlays/custom/configmap.yaml\n# The following file will replace svc.yaml\noverlays/custom/svc.yaml\n# The following file will patch deployment.yaml\noverlays/custom/deployment_patch.yaml\n")),(0,r.kt)("p",null,"A file named ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," will replace a file called ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," from the base resources or a previous overlay. In order to patch\nthe contents a file the convention of adding ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch.")," (notice the trailing period) to the filename is used. The string ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch."),"\nwill be replaced with ",(0,r.kt)("inlineCode",{parentName:"p"},".")," from the file name and that will be used as the target. For example ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment_patch.yaml"),"\nwill target ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment.yaml"),". The patch will be applied using JSON Merge, Strategic Merge Patch, or JSON Patch.\nWhich strategy is used is based on the file content. Even though JSON strategies are used, the files can be written\nusing YAML syntax."),(0,r.kt)("h2",{id:"cluster-and-bundle-state"},"Cluster and Bundle state"),(0,r.kt)("p",null,"See ",(0,r.kt)("a",{parentName:"p",href:"/0.5/cluster-bundles-state"},"Cluster and Bundle state"),"."))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/d8f58335.ae268529.js b/assets/js/d8f58335.cce42ba6.js similarity index 98% rename from assets/js/d8f58335.ae268529.js rename to assets/js/d8f58335.cce42ba6.js index 0ef4bea31..1ebeede96 100644 --- a/assets/js/d8f58335.ae268529.js +++ b/assets/js/d8f58335.cce42ba6.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[764],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>f});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},p=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),p=c(n),f=a,m=p["".concat(l,".").concat(f)]||p[f]||d[f]||o;return n?r.createElement(m,s(s({ref:t},u),{},{components:n})):r.createElement(m,s({ref:t},u))}));function f(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,s=new Array(o);s[0]=p;var i={};for(var l in t)hasOwnProperty.call(t,l)&&(i[l]=t[l]);i.originalType=e,i.mdxType="string"==typeof e?e:a,s[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>s,default:()=>d,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},s="Advanced Users",i={unversionedId:"advanced-users",id:"version-0.4/advanced-users",title:"Advanced Users",description:"Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases.",source:"@site/versioned_docs/version-0.4/advanced-users.md",sourceDirName:".",slug:"/advanced-users",permalink:"/0.4/advanced-users",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/advanced-users.md",tags:[],version:"0.4",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Troubleshooting",permalink:"/0.4/troubleshooting"},next:{title:"Installation",permalink:"/0.4/installation"}},l={},c=[],u={toc:c};function d(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"advanced-users"},"Advanced Users"),(0,a.kt)("p",null,"Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases."),(0,a.kt)("p",null,"The following are examples of advanced use cases:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},"Nested GitRepo CRs"),(0,a.kt)("blockquote",{parentName:"li"},(0,a.kt)("p",{parentName:"blockquote"},"Managing Fleet within Fleet (nested GitRepo usage) is not currently supported. We will update the documentation if support becomes available."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("a",{parentName:"p",href:"/0.4/single-cluster-install"},"Single cluster installation"))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("a",{parentName:"p",href:"/0.4/multi-cluster-install"},"Multi-cluster installation")," "))),(0,a.kt)("p",null,"Please refer to the ",(0,a.kt)("a",{parentName:"p",href:"/0.4/installation"},"installation")," and the ",(0,a.kt)("a",{parentName:"p",href:"/0.4/uninstall"},"uninstall")," documentation for additional information."))}d.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[764],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>f});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},p=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),p=c(n),f=a,m=p["".concat(l,".").concat(f)]||p[f]||d[f]||o;return n?r.createElement(m,s(s({ref:t},u),{},{components:n})):r.createElement(m,s({ref:t},u))}));function f(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,s=new Array(o);s[0]=p;var i={};for(var l in t)hasOwnProperty.call(t,l)&&(i[l]=t[l]);i.originalType=e,i.mdxType="string"==typeof e?e:a,s[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>s,default:()=>d,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},s="Advanced Users",i={unversionedId:"advanced-users",id:"version-0.4/advanced-users",title:"Advanced Users",description:"Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases.",source:"@site/versioned_docs/version-0.4/advanced-users.md",sourceDirName:".",slug:"/advanced-users",permalink:"/0.4/advanced-users",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/advanced-users.md",tags:[],version:"0.4",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Troubleshooting",permalink:"/0.4/troubleshooting"},next:{title:"Installation",permalink:"/0.4/installation"}},l={},c=[],u={toc:c};function d(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"advanced-users"},"Advanced Users"),(0,a.kt)("p",null,"Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases."),(0,a.kt)("p",null,"The following are examples of advanced use cases:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},"Nested GitRepo CRs"),(0,a.kt)("blockquote",{parentName:"li"},(0,a.kt)("p",{parentName:"blockquote"},"Managing Fleet within Fleet (nested GitRepo usage) is not currently supported. We will update the documentation if support becomes available."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("a",{parentName:"p",href:"/0.4/single-cluster-install"},"Single cluster installation"))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("a",{parentName:"p",href:"/0.4/multi-cluster-install"},"Multi-cluster installation")," "))),(0,a.kt)("p",null,"Please refer to the ",(0,a.kt)("a",{parentName:"p",href:"/0.4/installation"},"installation")," and the ",(0,a.kt)("a",{parentName:"p",href:"/0.4/uninstall"},"uninstall")," documentation for additional information."))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/da21831e.6a9ee733.js b/assets/js/da21831e.59a7e060.js similarity index 98% rename from assets/js/da21831e.6a9ee733.js rename to assets/js/da21831e.59a7e060.js index cae9e7228..e05154adf 100644 --- a/assets/js/da21831e.6a9ee733.js +++ b/assets/js/da21831e.59a7e060.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4893],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>f});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},p=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),p=c(n),f=a,m=p["".concat(l,".").concat(f)]||p[f]||d[f]||o;return n?r.createElement(m,s(s({ref:t},u),{},{components:n})):r.createElement(m,s({ref:t},u))}));function f(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,s=new Array(o);s[0]=p;var i={};for(var l in t)hasOwnProperty.call(t,l)&&(i[l]=t[l]);i.originalType=e,i.mdxType="string"==typeof e?e:a,s[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>s,default:()=>d,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},s="Advanced Users",i={unversionedId:"advanced-users",id:"version-0.5/advanced-users",title:"Advanced Users",description:"Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases.",source:"@site/versioned_docs/version-0.5/advanced-users.md",sourceDirName:".",slug:"/advanced-users",permalink:"/0.5/advanced-users",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/advanced-users.md",tags:[],version:"0.5",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Troubleshooting",permalink:"/0.5/troubleshooting"},next:{title:"Installation",permalink:"/0.5/installation"}},l={},c=[],u={toc:c};function d(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"advanced-users"},"Advanced Users"),(0,a.kt)("p",null,"Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases."),(0,a.kt)("p",null,"The following are examples of advanced use cases:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},"Nested GitRepo CRs"),(0,a.kt)("blockquote",{parentName:"li"},(0,a.kt)("p",{parentName:"blockquote"},"Managing Fleet within Fleet (nested GitRepo usage) is not currently supported. We will update the documentation if support becomes available."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("a",{parentName:"p",href:"/0.5/single-cluster-install"},"Single cluster installation"))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("a",{parentName:"p",href:"/0.5/multi-cluster-install"},"Multi-cluster installation")," "))),(0,a.kt)("p",null,"Please refer to the ",(0,a.kt)("a",{parentName:"p",href:"/0.5/installation"},"installation")," and the ",(0,a.kt)("a",{parentName:"p",href:"/0.5/uninstall"},"uninstall")," documentation for additional information."))}d.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4893],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>f});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},p=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),p=c(n),f=a,m=p["".concat(l,".").concat(f)]||p[f]||d[f]||o;return n?r.createElement(m,s(s({ref:t},u),{},{components:n})):r.createElement(m,s({ref:t},u))}));function f(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,s=new Array(o);s[0]=p;var i={};for(var l in t)hasOwnProperty.call(t,l)&&(i[l]=t[l]);i.originalType=e,i.mdxType="string"==typeof e?e:a,s[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>s,default:()=>d,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},s="Advanced Users",i={unversionedId:"advanced-users",id:"version-0.5/advanced-users",title:"Advanced Users",description:"Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases.",source:"@site/versioned_docs/version-0.5/advanced-users.md",sourceDirName:".",slug:"/advanced-users",permalink:"/0.5/advanced-users",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/advanced-users.md",tags:[],version:"0.5",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Troubleshooting",permalink:"/0.5/troubleshooting"},next:{title:"Installation",permalink:"/0.5/installation"}},l={},c=[],u={toc:c};function d(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"advanced-users"},"Advanced Users"),(0,a.kt)("p",null,"Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases."),(0,a.kt)("p",null,"The following are examples of advanced use cases:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},"Nested GitRepo CRs"),(0,a.kt)("blockquote",{parentName:"li"},(0,a.kt)("p",{parentName:"blockquote"},"Managing Fleet within Fleet (nested GitRepo usage) is not currently supported. We will update the documentation if support becomes available."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("a",{parentName:"p",href:"/0.5/single-cluster-install"},"Single cluster installation"))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("a",{parentName:"p",href:"/0.5/multi-cluster-install"},"Multi-cluster installation")," "))),(0,a.kt)("p",null,"Please refer to the ",(0,a.kt)("a",{parentName:"p",href:"/0.5/installation"},"installation")," and the ",(0,a.kt)("a",{parentName:"p",href:"/0.5/uninstall"},"uninstall")," documentation for additional information."))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/dd67116e.2d92b707.js b/assets/js/dd67116e.c47ac0f2.js similarity index 98% rename from assets/js/dd67116e.2d92b707.js rename to assets/js/dd67116e.c47ac0f2.js index 17ac61239..277712ee3 100644 --- a/assets/js/dd67116e.2d92b707.js +++ b/assets/js/dd67116e.c47ac0f2.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2425],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),c=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=c(e.components);return a.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,i=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(n),m=r,k=d["".concat(l,".").concat(m)]||d[m]||p[m]||i;return n?a.createElement(k,o(o({ref:t},u),{},{components:n})):a.createElement(k,o({ref:t},u))}));function m(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=n.length,o=new Array(i);o[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,o[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>s,toc:()=>c});var a=n(7462),r=(n(7294),n(3905));const i={},o="Cluster Registration Tokens",s={unversionedId:"cluster-tokens",id:"version-0.4/cluster-tokens",title:"Cluster Registration Tokens",description:"Not needed for Manager initiated registration:",source:"@site/versioned_docs/version-0.4/cluster-tokens.md",sourceDirName:".",slug:"/cluster-tokens",permalink:"/0.4/cluster-tokens",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/cluster-tokens.md",tags:[],version:"0.4",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Overview",permalink:"/0.4/cluster-overview"},next:{title:"Agent Initiated",permalink:"/0.4/agent-initiated"}},l={},c=[{value:"Token TTL",id:"token-ttl",level:2},{value:"Create a new Token",id:"create-a-new-token",level:2},{value:"Obtaining Token Value (Agent values.yaml)",id:"obtaining-token-value-agent-valuesyaml",level:2}],u={toc:c};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"cluster-registration-tokens"},"Cluster Registration Tokens"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Not needed for Manager initiated registration"),":\nFor manager initiated registrations the token is managed by the Fleet manager and does\nnot need to be manually created and obtained.")),(0,r.kt)("p",null,"For an agent initiated registration the downstream cluster must have a cluster registration token.\nCluster registration tokens are used to establish a new identity for a cluster. Internally\ncluster registration tokens are managed by creating Kubernetes service accounts that have the\npermissions to create ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationRequests")," within a specific namespace. Once the\ncluster is registered a new ",(0,r.kt)("inlineCode",{parentName:"p"},"ServiceAccount")," is created for that cluster that is used as\nthe unique identity of the cluster. The agent is designed to forget the cluster registration\ntoken after registration. While the agent will not maintain a reference to the cluster registration\ntoken after a successful registration please note that usually other system bootstrap scripts do."),(0,r.kt)("p",null,"Since the cluster registration token is forgotten, if you need to re-register a cluster you must\ngive the cluster a new registration token."),(0,r.kt)("h2",{id:"token-ttl"},"Token TTL"),(0,r.kt)("p",null,"Cluster registration tokens can be reused by any cluster in a namespace. The tokens can be given a TTL\nsuch that it will expire after a specific time."),(0,r.kt)("h2",{id:"create-a-new-token"},"Create a new Token"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistationToken")," is a namespaced type and should be created in the same namespace\nin which you will create ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resources. For in depth details on how namespaces\nare used in Fleet refer to the documentation on ",(0,r.kt)("a",{parentName:"p",href:"/0.4/namespaces"},"namespaces"),". Create a new\ntoken with the below YAML."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: ClusterRegistrationToken\napiVersion: "fleet.cattle.io/v1alpha1"\nmetadata:\n name: new-token\n namespace: clusters\nspec:\n # A duration string for how long this token is valid for. A value <= 0 or null means infinite time.\n ttl: 240h\n')),(0,r.kt)("p",null,"After the ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationToken")," is created, Fleet will create a corresponding ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," with the same name.\nAs the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," creation is performed asynchronously, you will need to wait until it's available before using it."),(0,r.kt)("p",null,"One way to do so is via the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"while ! kubectl --namespace=clusters get secret new-token; do sleep 5; done\n")),(0,r.kt)("h2",{id:"obtaining-token-value-agent-valuesyaml"},"Obtaining Token Value (Agent values.yaml)"),(0,r.kt)("p",null,"The token value contains YAML content for a ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that is expected to be passed to ",(0,r.kt)("inlineCode",{parentName:"p"},"helm install"),"\nto install the Fleet agent on a downstream cluster."),(0,r.kt)("p",null,"Such value is contained in the ",(0,r.kt)("inlineCode",{parentName:"p"},"values")," field of the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," mentioned above. To obtain the YAML content for the\nabove example one can run the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml\n")),(0,r.kt)("p",null,"Once the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," is ready it can be used repeatedly by clusters to register until the TTL expires."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2425],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),c=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=c(e.components);return a.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,i=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(n),m=r,k=d["".concat(l,".").concat(m)]||d[m]||p[m]||i;return n?a.createElement(k,o(o({ref:t},u),{},{components:n})):a.createElement(k,o({ref:t},u))}));function m(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=n.length,o=new Array(i);o[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,o[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>s,toc:()=>c});var a=n(7462),r=(n(7294),n(3905));const i={},o="Cluster Registration Tokens",s={unversionedId:"cluster-tokens",id:"version-0.4/cluster-tokens",title:"Cluster Registration Tokens",description:"Not needed for Manager initiated registration:",source:"@site/versioned_docs/version-0.4/cluster-tokens.md",sourceDirName:".",slug:"/cluster-tokens",permalink:"/0.4/cluster-tokens",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/cluster-tokens.md",tags:[],version:"0.4",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Overview",permalink:"/0.4/cluster-overview"},next:{title:"Agent Initiated",permalink:"/0.4/agent-initiated"}},l={},c=[{value:"Token TTL",id:"token-ttl",level:2},{value:"Create a new Token",id:"create-a-new-token",level:2},{value:"Obtaining Token Value (Agent values.yaml)",id:"obtaining-token-value-agent-valuesyaml",level:2}],u={toc:c};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"cluster-registration-tokens"},"Cluster Registration Tokens"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Not needed for Manager initiated registration"),":\nFor manager initiated registrations the token is managed by the Fleet manager and does\nnot need to be manually created and obtained.")),(0,r.kt)("p",null,"For an agent initiated registration the downstream cluster must have a cluster registration token.\nCluster registration tokens are used to establish a new identity for a cluster. Internally\ncluster registration tokens are managed by creating Kubernetes service accounts that have the\npermissions to create ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationRequests")," within a specific namespace. Once the\ncluster is registered a new ",(0,r.kt)("inlineCode",{parentName:"p"},"ServiceAccount")," is created for that cluster that is used as\nthe unique identity of the cluster. The agent is designed to forget the cluster registration\ntoken after registration. While the agent will not maintain a reference to the cluster registration\ntoken after a successful registration please note that usually other system bootstrap scripts do."),(0,r.kt)("p",null,"Since the cluster registration token is forgotten, if you need to re-register a cluster you must\ngive the cluster a new registration token."),(0,r.kt)("h2",{id:"token-ttl"},"Token TTL"),(0,r.kt)("p",null,"Cluster registration tokens can be reused by any cluster in a namespace. The tokens can be given a TTL\nsuch that it will expire after a specific time."),(0,r.kt)("h2",{id:"create-a-new-token"},"Create a new Token"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistationToken")," is a namespaced type and should be created in the same namespace\nin which you will create ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resources. For in depth details on how namespaces\nare used in Fleet refer to the documentation on ",(0,r.kt)("a",{parentName:"p",href:"/0.4/namespaces"},"namespaces"),". Create a new\ntoken with the below YAML."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: ClusterRegistrationToken\napiVersion: "fleet.cattle.io/v1alpha1"\nmetadata:\n name: new-token\n namespace: clusters\nspec:\n # A duration string for how long this token is valid for. A value <= 0 or null means infinite time.\n ttl: 240h\n')),(0,r.kt)("p",null,"After the ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationToken")," is created, Fleet will create a corresponding ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," with the same name.\nAs the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," creation is performed asynchronously, you will need to wait until it's available before using it."),(0,r.kt)("p",null,"One way to do so is via the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"while ! kubectl --namespace=clusters get secret new-token; do sleep 5; done\n")),(0,r.kt)("h2",{id:"obtaining-token-value-agent-valuesyaml"},"Obtaining Token Value (Agent values.yaml)"),(0,r.kt)("p",null,"The token value contains YAML content for a ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that is expected to be passed to ",(0,r.kt)("inlineCode",{parentName:"p"},"helm install"),"\nto install the Fleet agent on a downstream cluster."),(0,r.kt)("p",null,"Such value is contained in the ",(0,r.kt)("inlineCode",{parentName:"p"},"values")," field of the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," mentioned above. To obtain the YAML content for the\nabove example one can run the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml\n")),(0,r.kt)("p",null,"Once the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," is ready it can be used repeatedly by clusters to register until the TTL expires."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/dd81469d.8594a1aa.js b/assets/js/dd81469d.eac7dcff.js similarity index 97% rename from assets/js/dd81469d.8594a1aa.js rename to assets/js/dd81469d.eac7dcff.js index b837e078e..562d25ea3 100644 --- a/assets/js/dd81469d.8594a1aa.js +++ b/assets/js/dd81469d.eac7dcff.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8361],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var c=r.createContext({}),s=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=s(e.components);return r.createElement(c.Provider,{value:t},e.children)},f={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,c=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=s(n),d=l,m=u["".concat(c,".").concat(d)]||u[d]||f[d]||a;return n?r.createElement(m,o(o({ref:t},p),{},{components:n})):r.createElement(m,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var s=2;s{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>f,frontMatter:()=>a,metadata:()=>i,toc:()=>s});var r=n(7462),l=(n(7294),n(3905));const a={title:"",sidebar_label:"fleet test"},o=void 0,i={unversionedId:"cli/fleet-cli/fleet_test",id:"cli/fleet-cli/fleet_test",title:"",description:"fleet test",source:"@site/docs/cli/fleet-cli/fleet_test.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet_test",permalink:"/cli/fleet-cli/fleet_test",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cli/fleet-cli/fleet_test.md",tags:[],version:"current",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{title:"",sidebar_label:"fleet test"},sidebar:"docs",previous:{title:"fleet apply",permalink:"/cli/fleet-cli/fleet_apply"},next:{title:"fleet-manager",permalink:"/cli/fleet-controller/fleet-manager"}},c={},s=[{value:"fleet test",id:"fleet-test",level:2},{value:"Options",id:"options",level:3},{value:"Options inherited from parent commands",id:"options-inherited-from-parent-commands",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:s};function f(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-test"},"fleet test"),(0,l.kt)("p",null,"Match a bundle to a target and render the output"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet test [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"}," -b, --bundle-file string Location of the raw Bundle resource yaml\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -f, --file string Location of the fleet.yaml\n -g, --group string Cluster group to match against\n -L, --group-label strings Cluster group labels to match against\n -h, --help help for test\n -l, --label strings Cluster labels to match against\n -N, --name string Cluster name to match against\n -q, --quiet Just print the match and don't print the resources\n -t, --target string Explicit target to match\n")),(0,l.kt)("h3",{id:"options-inherited-from-parent-commands"},"Options inherited from parent commands"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet"},"fleet"),"\t -")))}f.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8361],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var c=r.createContext({}),s=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=s(e.components);return r.createElement(c.Provider,{value:t},e.children)},f={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,c=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=s(n),d=l,m=u["".concat(c,".").concat(d)]||u[d]||f[d]||a;return n?r.createElement(m,o(o({ref:t},p),{},{components:n})):r.createElement(m,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var s=2;s{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>f,frontMatter:()=>a,metadata:()=>i,toc:()=>s});var r=n(7462),l=(n(7294),n(3905));const a={title:"",sidebar_label:"fleet test"},o=void 0,i={unversionedId:"cli/fleet-cli/fleet_test",id:"cli/fleet-cli/fleet_test",title:"",description:"fleet test",source:"@site/docs/cli/fleet-cli/fleet_test.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet_test",permalink:"/cli/fleet-cli/fleet_test",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cli/fleet-cli/fleet_test.md",tags:[],version:"current",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{title:"",sidebar_label:"fleet test"},sidebar:"docs",previous:{title:"fleet apply",permalink:"/cli/fleet-cli/fleet_apply"},next:{title:"fleet-manager",permalink:"/cli/fleet-controller/fleet-manager"}},c={},s=[{value:"fleet test",id:"fleet-test",level:2},{value:"Options",id:"options",level:3},{value:"Options inherited from parent commands",id:"options-inherited-from-parent-commands",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:s};function f(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-test"},"fleet test"),(0,l.kt)("p",null,"Match a bundle to a target and render the output"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet test [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"}," -b, --bundle-file string Location of the raw Bundle resource yaml\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -f, --file string Location of the fleet.yaml\n -g, --group string Cluster group to match against\n -L, --group-label strings Cluster group labels to match against\n -h, --help help for test\n -l, --label strings Cluster labels to match against\n -N, --name string Cluster name to match against\n -q, --quiet Just print the match and don't print the resources\n -t, --target string Explicit target to match\n")),(0,l.kt)("h3",{id:"options-inherited-from-parent-commands"},"Options inherited from parent commands"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet"},"fleet"),"\t -")))}f.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/de08e76e.365b0eb3.js b/assets/js/de08e76e.b2616e03.js similarity index 99% rename from assets/js/de08e76e.365b0eb3.js rename to assets/js/de08e76e.b2616e03.js index fc45041ef..7d5f0a737 100644 --- a/assets/js/de08e76e.365b0eb3.js +++ b/assets/js/de08e76e.b2616e03.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[299],{3905:(t,e,a)=>{a.d(e,{Zo:()=>k,kt:()=>g});var n=a(7294);function l(t,e,a){return e in t?Object.defineProperty(t,e,{value:a,enumerable:!0,configurable:!0,writable:!0}):t[e]=a,t}function r(t,e){var a=Object.keys(t);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(t);e&&(n=n.filter((function(e){return Object.getOwnPropertyDescriptor(t,e).enumerable}))),a.push.apply(a,n)}return a}function i(t){for(var e=1;e=0||(l[a]=t[a]);return l}(t,e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(t);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(t,a)&&(l[a]=t[a])}return l}var m=n.createContext({}),u=function(t){var e=n.useContext(m),a=e;return t&&(a="function"==typeof t?t(e):i(i({},e),t)),a},k=function(t){var e=u(t.components);return n.createElement(m.Provider,{value:e},t.children)},d={inlineCode:"code",wrapper:function(t){var e=t.children;return n.createElement(n.Fragment,{},e)}},N=n.forwardRef((function(t,e){var a=t.components,l=t.mdxType,r=t.originalType,m=t.parentName,k=p(t,["components","mdxType","originalType","parentName"]),N=u(a),g=l,s=N["".concat(m,".").concat(g)]||N[g]||d[g]||r;return a?n.createElement(s,i(i({ref:e},k),{},{components:a})):n.createElement(s,i({ref:e},k))}));function g(t,e){var a=arguments,l=e&&e.mdxType;if("string"==typeof t||l){var r=a.length,i=new Array(r);i[0]=N;var p={};for(var m in e)hasOwnProperty.call(e,m)&&(p[m]=e[m]);p.originalType=t,p.mdxType="string"==typeof t?t:l,i[1]=p;for(var u=2;u{a.r(e),a.d(e,{assets:()=>m,contentTitle:()=>i,default:()=>d,frontMatter:()=>r,metadata:()=>p,toc:()=>u});var n=a(7462),l=(a(7294),a(3905));const r={},i="Custom Resources",p={unversionedId:"ref-crds",id:"ref-crds",title:"Custom Resources",description:"* GitRepo",source:"@site/docs/ref-crds.md",sourceDirName:".",slug:"/ref-crds",permalink:"/ref-crds",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-crds.md",tags:[],version:"current",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Registration",permalink:"/ref-registration"},next:{title:"fleet-agent",permalink:"/cli/fleet-agent/"}},m={},u=[{value:"GitRepo",id:"gitrepo",level:4},{value:"GitRepoDisplay",id:"gitrepodisplay",level:4},{value:"GitRepoResource",id:"gitreporesource",level:4},{value:"GitRepoResourceCounts",id:"gitreporesourcecounts",level:4},{value:"GitRepoRestriction",id:"gitreporestriction",level:4},{value:"GitRepoSpec",id:"gitrepospec",level:4},{value:"GitRepoStatus",id:"gitrepostatus",level:4},{value:"GitTarget",id:"gittarget",level:4},{value:"ResourcePerClusterState",id:"resourceperclusterstate",level:4},{value:"Bundle",id:"bundle",level:4},{value:"BundleDeployment",id:"bundledeployment",level:4},{value:"BundleDeploymentDisplay",id:"bundledeploymentdisplay",level:4},{value:"BundleDeploymentOptions",id:"bundledeploymentoptions",level:4},{value:"BundleDeploymentSpec",id:"bundledeploymentspec",level:4},{value:"BundleDeploymentStatus",id:"bundledeploymentstatus",level:4},{value:"BundleDisplay",id:"bundledisplay",level:4},{value:"BundleNamespaceMapping",id:"bundlenamespacemapping",level:4},{value:"BundleRef",id:"bundleref",level:4},{value:"BundleResource",id:"bundleresource",level:4},{value:"BundleSpec",id:"bundlespec",level:4},{value:"BundleStatus",id:"bundlestatus",level:4},{value:"BundleSummary",id:"bundlesummary",level:4},{value:"BundleTarget",id:"bundletarget",level:4},{value:"BundleTargetRestriction",id:"bundletargetrestriction",level:4},{value:"ComparePatch",id:"comparepatch",level:4},{value:"ConfigMapKeySelector",id:"configmapkeyselector",level:4},{value:"Content",id:"content",level:4},{value:"DiffOptions",id:"diffoptions",level:4},{value:"HelmOptions",id:"helmoptions",level:4},{value:"KustomizeOptions",id:"kustomizeoptions",level:4},{value:"LocalObjectReference",id:"localobjectreference",level:4},{value:"ModifiedStatus",id:"modifiedstatus",level:4},{value:"NonReadyResource",id:"nonreadyresource",level:4},{value:"NonReadyStatus",id:"nonreadystatus",level:4},{value:"Operation",id:"operation",level:4},{value:"Partition",id:"partition",level:4},{value:"PartitionStatus",id:"partitionstatus",level:4},{value:"ResourceKey",id:"resourcekey",level:4},{value:"RolloutStrategy",id:"rolloutstrategy",level:4},{value:"SecretKeySelector",id:"secretkeyselector",level:4},{value:"ValuesFrom",id:"valuesfrom",level:4},{value:"YAMLOptions",id:"yamloptions",level:4},{value:"AlphabeticalPolicy",id:"alphabeticalpolicy",level:4},{value:"CommitSpec",id:"commitspec",level:4},{value:"ImagePolicyChoice",id:"imagepolicychoice",level:4},{value:"ImageScan",id:"imagescan",level:4},{value:"ImageScanSpec",id:"imagescanspec",level:4},{value:"ImageScanStatus",id:"imagescanstatus",level:4},{value:"SemVerPolicy",id:"semverpolicy",level:4},{value:"AgentStatus",id:"agentstatus",level:4},{value:"Cluster",id:"cluster",level:4},{value:"ClusterDisplay",id:"clusterdisplay",level:4},{value:"ClusterGroup",id:"clustergroup",level:4},{value:"ClusterGroupDisplay",id:"clustergroupdisplay",level:4},{value:"ClusterGroupSpec",id:"clustergroupspec",level:4},{value:"ClusterGroupStatus",id:"clustergroupstatus",level:4},{value:"ClusterRegistration",id:"clusterregistration",level:4},{value:"ClusterRegistrationSpec",id:"clusterregistrationspec",level:4},{value:"ClusterRegistrationStatus",id:"clusterregistrationstatus",level:4},{value:"ClusterRegistrationToken",id:"clusterregistrationtoken",level:4},{value:"ClusterRegistrationTokenSpec",id:"clusterregistrationtokenspec",level:4},{value:"ClusterRegistrationTokenStatus",id:"clusterregistrationtokenstatus",level:4},{value:"ClusterSpec",id:"clusterspec",level:4},{value:"ClusterStatus",id:"clusterstatus",level:4}],k={toc:u};function d(t){let{components:e,...a}=t;return(0,l.kt)("wrapper",(0,n.Z)({},k,a,{components:e,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"custom-resources"},"Custom Resources"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepo"},"GitRepo")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporestriction"},"GitRepoRestriction")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundle"},"Bundle")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeployment"},"BundleDeployment")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlenamespacemapping"},"BundleNamespaceMapping")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#content"},"Content")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescan"},"ImageScan")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#cluster"},"Cluster")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroup"},"ClusterGroup")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistration"},"ClusterRegistration")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtoken"},"ClusterRegistrationToken"))),(0,l.kt)("h1",{id:"sub-resources"},"Sub Resources"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepodisplay"},"GitRepoDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporesource"},"GitRepoResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepospec"},"GitRepoSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepostatus"},"GitRepoStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gittarget"},"GitTarget")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#resourceperclusterstate"},"ResourcePerClusterState")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentdisplay"},"BundleDeploymentDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentspec"},"BundleDeploymentSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentstatus"},"BundleDeploymentStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledisplay"},"BundleDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundleref"},"BundleRef")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundleresource"},"BundleResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlespec"},"BundleSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlestatus"},"BundleStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundletarget"},"BundleTarget")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundletargetrestriction"},"BundleTargetRestriction")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#comparepatch"},"ComparePatch")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#configmapkeyselector"},"ConfigMapKeySelector")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#diffoptions"},"DiffOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#helmoptions"},"HelmOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#kustomizeoptions"},"KustomizeOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#localobjectreference"},"LocalObjectReference")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#modifiedstatus"},"ModifiedStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#nonreadyresource"},"NonReadyResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#nonreadystatus"},"NonReadyStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#operation"},"Operation")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#partition"},"Partition")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#partitionstatus"},"PartitionStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#resourcekey"},"ResourceKey")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#rolloutstrategy"},"RolloutStrategy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#secretkeyselector"},"SecretKeySelector")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#valuesfrom"},"ValuesFrom")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#yamloptions"},"YAMLOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#alphabeticalpolicy"},"AlphabeticalPolicy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#commitspec"},"CommitSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagepolicychoice"},"ImagePolicyChoice")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescanspec"},"ImageScanSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescanstatus"},"ImageScanStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#semverpolicy"},"SemVerPolicy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#agentstatus"},"AgentStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterdisplay"},"ClusterDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupdisplay"},"ClusterGroupDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupspec"},"ClusterGroupSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupstatus"},"ClusterGroupStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationspec"},"ClusterRegistrationSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationstatus"},"ClusterRegistrationStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterspec"},"ClusterSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterstatus"},"ClusterStatus"))),(0,l.kt)("h4",{id:"gitrepo"},"GitRepo"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepospec"},"GitRepoSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepostatus"},"GitRepoStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepodisplay"},"GitRepoDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundleDeployments"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporesource"},"GitRepoResource"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"type"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"id"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"incompleteState"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"transitioning"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"perClusterState"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ResourcePerClusterState]","(#resourceperclusterstate)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporesourcecounts"},"GitRepoResourceCounts"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReady"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitApplied"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modified"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"orphaned"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"missing"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unknown"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"notReady"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporestriction"},"GitRepoRestriction"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultServiceAccount"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedServiceAccounts"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedRepoPatterns"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultClientSecretName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedClientSecretNames"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedTargetNamespaces"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepospec"},"GitRepoSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"repo"),(0,l.kt)("td",{parentName:"tr",align:null},"Repo is a URL to a git repo to clone and index"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"branch"),(0,l.kt)("td",{parentName:"tr",align:null},"Branch The git branch to follow"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"revision"),(0,l.kt)("td",{parentName:"tr",align:null},"Revision A specific commit or tag to operate on"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targetNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"Ensure that all resources are created in this namespace Any cluster scoped resource will be rejected if this is set Additionally this namespace will be created on demand"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientSecretName"),(0,l.kt)("td",{parentName:"tr",align:null},'ClientSecretName is the client secret to be used to connect to the repo It is expected the secret be of type \\"kubernetes.io/basic-auth\\" or \\"kubernetes.io/ssh-auth\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helmSecretName"),(0,l.kt)("td",{parentName:"tr",align:null},"HelmSecretName contains the auth secret for private helm repository"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"caBundle"),(0,l.kt)("td",{parentName:"tr",align:null},"CABundle is a PEM encoded CA bundle which will be used to validate the repo's certificate."),(0,l.kt)("td",{parentName:"tr",align:null},"[]byte"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"insecureSkipTLSVerify"),(0,l.kt)("td",{parentName:"tr",align:null},"InsecureSkipTLSverify will use insecure HTTPS to clone the repo."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paths"),(0,l.kt)("td",{parentName:"tr",align:null},"Paths is the directories relative to the git repo root that contain resources to be applied. Path globbing is support, for example ",'[\\"charts/*\\"]',' will match all folders as a subdirectory of charts/ If empty, \\"/\\" is the default'),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused this cause changes in Git to not be propagated down to the clusters but instead mark resources as OutOfSync"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"serviceAccount"),(0,l.kt)("td",{parentName:"tr",align:null},"ServiceAccount used in the downstream cluster for deployment"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targets"),(0,l.kt)("td",{parentName:"tr",align:null},"Targets is a list of target this repo will deploy to"),(0,l.kt)("td",{parentName:"tr",align:null},"[][GitTarget]","(#gittarget)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"pollingInterval"),(0,l.kt)("td",{parentName:"tr",align:null},"PollingInterval is how often to check git for new updates"),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"forceSyncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"Increment this number to force a redeployment of contents from Git"),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"imageScanInterval"),(0,l.kt)("td",{parentName:"tr",align:null},"ImageScanInterval is the interval of syncing scanned images and writing back to git repo"),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"imageScanCommit"),(0,l.kt)("td",{parentName:"tr",align:null},"Commit specifies how to commit to the git repo when new image is scanned and write back to git repo"),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#commitspec"},"CommitSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepostatus"},"GitRepoStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"commit"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReadyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"gitJobStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepodisplay"},"GitRepoDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resources"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][GitRepoResource]","(#gitreporesource)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceErrors"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastSyncedImageScanTime"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gittarget"},"GitTarget"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"resourceperclusterstate"},"ResourcePerClusterState"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"transitioning"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"patch"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterId"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundle"},"Bundle"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlespec"},"BundleSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlestatus"},"BundleStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeployment"},"BundleDeployment"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentspec"},"BundleDeploymentSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentstatus"},"BundleDeploymentStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentdisplay"},"BundleDeploymentDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"deployed"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"monitored"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentoptions"},"BundleDeploymentOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultNamespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kustomize"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#kustomizeoptions"},"KustomizeOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helm"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#helmoptions"},"HelmOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"serviceAccount"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"forceSyncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"yaml"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#yamloptions"},"YAMLOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"diff"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#diffoptions"},"DiffOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentspec"},"BundleDeploymentSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"stagedOptions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"stagedDeploymentID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"options"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"deploymentID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dependsOn"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][BundleRef]","(#bundleref)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentstatus"},"BundleDeploymentStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"appliedDeploymentID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"release"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonModified"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][NonReadyStatus]","(#nonreadystatus)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modifiedStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ModifiedStatus]","(#modifiedstatus)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentdisplay"},"BundleDeploymentDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"syncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledisplay"},"BundleDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlenamespacemapping"},"BundleNamespaceMapping"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"bundleSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespaceSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundleref"},"BundleRef"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"selector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundleresource"},"BundleResource"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"content"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"encoding"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlespec"},"BundleSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"BundleDeploymentOptions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"rolloutStrategy"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#rolloutstrategy"},"RolloutStrategy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resources"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][BundleResource]","(#bundleresource)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targets"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][BundleTarget]","(#bundletarget)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targetRestrictions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][BundleTargetRestriction]","(#bundletargetrestriction)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dependsOn"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][BundleRef]","(#bundleref)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlestatus"},"BundleStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"newlyCreated"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxNew"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"partitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][PartitionStatus]","(#partitionstatus)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledisplay"},"BundleDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceKey"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ResourceKey]","(#resourcekey)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlesummary"},"BundleSummary"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"notReady"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitApplied"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"errApplied"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"outOfSync"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modified"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"pending"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReady"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyResources"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][NonReadyResource]","(#nonreadyresource)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundletarget"},"BundleTarget"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"BundleDeploymentOptions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundletargetrestriction"},"BundleTargetRestriction"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"comparepatch"},"ComparePatch"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"operations"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][Operation]","(#operation)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"jsonPointers"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"configmapkeyselector"},"ConfigMapKeySelector"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"key"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"content"},"Content"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"content"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]byte"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"diffoptions"},"DiffOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"comparePatches"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ComparePatch]","(#comparepatch)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"helmoptions"},"HelmOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"chart"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"repo"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"releaseName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"version"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"timeoutSeconds"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"values"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"valuesFrom"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ValuesFrom]","(#valuesfrom)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"force"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"takeOwnership"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxHistory"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"valuesFiles"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"atomic"),(0,l.kt)("td",{parentName:"tr",align:null},"Atomic sets the --atomic flag when Helm is performing an upgrade"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"kustomizeoptions"},"KustomizeOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dir"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"localobjectreference"},"LocalObjectReference"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"modifiedstatus"},"ModifiedStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"missing"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"delete"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"patch"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"nonreadyresource"},"NonReadyResource"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"bundleState"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"BundleState"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modifiedStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ModifiedStatus]","(#modifiedstatus)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][NonReadyStatus]","(#nonreadystatus)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"nonreadystatus"},"NonReadyStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"uid"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"types.UID"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"summary.Summary"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"operation"},"Operation"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"op"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"path"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"value"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"partition"},"Partition"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"partitionstatus"},"PartitionStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"count"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"resourcekey"},"ResourceKey"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"rolloutstrategy"},"RolloutStrategy"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"autoPartitionSize"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"partitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][Partition]","(#partition)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"secretkeyselector"},"SecretKeySelector"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"key"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"valuesfrom"},"ValuesFrom"),(0,l.kt)("p",null,"Define helm values that can come from configmap, secret or external. Credit: ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439"},"https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439")),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"configMapKeyRef"),(0,l.kt)("td",{parentName:"tr",align:null},"The reference to a config map with release values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#configmapkeyselector"},"ConfigMapKeySelector")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretKeyRef"),(0,l.kt)("td",{parentName:"tr",align:null},"The reference to a secret with release values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#secretkeyselector"},"SecretKeySelector")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"yamloptions"},"YAMLOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"overlays"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"alphabeticalpolicy"},"AlphabeticalPolicy"),(0,l.kt)("p",null,"AlphabeticalPolicy specifices a alphabetical ordering policy."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"order"),(0,l.kt)("td",{parentName:"tr",align:null},"Order specifies the sorting order of the tags. Given the letters of the alphabet as tags, ascending order would select Z, and descending order would select A."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"commitspec"},"CommitSpec"),(0,l.kt)("p",null,"CommitSpec specifies how to commit changes to the git repository"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"authorName"),(0,l.kt)("td",{parentName:"tr",align:null},"AuthorName gives the name to provide when making a commit"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"authorEmail"),(0,l.kt)("td",{parentName:"tr",align:null},"AuthorEmail gives the email to provide when making a commit"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"messageTemplate"),(0,l.kt)("td",{parentName:"tr",align:null},"MessageTemplate provides a template for the commit message, into which will be interpolated the details of the change made."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagepolicychoice"},"ImagePolicyChoice"),(0,l.kt)("p",null,"ImagePolicyChoice is a union of all the types of policy that can be supplied."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"semver"),(0,l.kt)("td",{parentName:"tr",align:null},"SemVer gives a semantic version range to check against the tags available."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#semverpolicy"},"SemVerPolicy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"alphabetical"),(0,l.kt)("td",{parentName:"tr",align:null},"Alphabetical set of rules to use for alphabetical ordering of the tags."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#alphabeticalpolicy"},"AlphabeticalPolicy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescan"},"ImageScan"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagescanspec"},"ImageScanSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagescanstatus"},"ImageScanStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescanspec"},"ImageScanSpec"),(0,l.kt)("p",null,"API is taken from ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/fluxcd/image-reflector-controller"},"https://github.com/fluxcd/image-reflector-controller")),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"tagName"),(0,l.kt)("td",{parentName:"tr",align:null},"TagName is the tag ref that needs to be put in manifest to replace fields"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"gitrepoName"),(0,l.kt)("td",{parentName:"tr",align:null},"GitRepo reference name"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"image"),(0,l.kt)("td",{parentName:"tr",align:null},"Image is the name of the image repository"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"interval"),(0,l.kt)("td",{parentName:"tr",align:null},"Interval is the length of time to wait between scans of the image repository."),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretRef"),(0,l.kt)("td",{parentName:"tr",align:null},"SecretRef can be given the name of a secret containing credentials to use for the image registry. The secret should be created with ",(0,l.kt)("inlineCode",{parentName:"td"},"kubectl create secret docker-registry"),", or the equivalent."),(0,l.kt)("td",{parentName:"tr",align:null},"*corev1.LocalObjectReference"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"suspend"),(0,l.kt)("td",{parentName:"tr",align:null},"This flag tells the controller to suspend subsequent image scans. It does not apply to already started scans. Defaults to false."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"policy"),(0,l.kt)("td",{parentName:"tr",align:null},"Policy gives the particulars of the policy to be followed in selecting the most recent image"),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagepolicychoice"},"ImagePolicyChoice")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescanstatus"},"ImageScanStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastScanTime"),(0,l.kt)("td",{parentName:"tr",align:null},"LastScanTime is the last time image was scanned"),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestImage"),(0,l.kt)("td",{parentName:"tr",align:null},"LatestImage gives the first in the list of images scanned by the image repository, when filtered and ordered according to the policy."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestTag"),(0,l.kt)("td",{parentName:"tr",align:null},"Latest tag is the latest tag filtered by the policy"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestDigest"),(0,l.kt)("td",{parentName:"tr",align:null},"LatestDigest is the digest of latest tag"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"canonicalImageName"),(0,l.kt)("td",{parentName:"tr",align:null},"CannonicalName is the name of the image repository with all the implied bits made explicit; e.g., ",(0,l.kt)("inlineCode",{parentName:"td"},"docker.io/library/alpine")," rather than ",(0,l.kt)("inlineCode",{parentName:"td"},"alpine"),"."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"semverpolicy"},"SemVerPolicy"),(0,l.kt)("p",null,"SemVerPolicy specifices a semantic version policy."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"range"),(0,l.kt)("td",{parentName:"tr",align:null},"Range gives a semver range for the image tag; the highest version within the range that's a tag yields the latest image."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"agentstatus"},"AgentStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastSeen"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyNodes"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodes"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyNodeNames"),(0,l.kt)("td",{parentName:"tr",align:null},"At most 3 nodes"),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodeNames"),(0,l.kt)("td",{parentName:"tr",align:null},"At most 3 nodes"),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"cluster"},"Cluster"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterspec"},"ClusterSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterstatus"},"ClusterStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterdisplay"},"ClusterDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundles"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodes"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"sampleNode"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroup"},"ClusterGroup"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupspec"},"ClusterGroupSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupstatus"},"ClusterGroupStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupdisplay"},"ClusterGroupDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundles"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupspec"},"ClusterGroupSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"selector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupstatus"},"ClusterGroupStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterCount"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyClusterCount"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupdisplay"},"ClusterGroupDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistration"},"ClusterRegistration"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationspec"},"ClusterRegistrationSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationstatus"},"ClusterRegistrationStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationspec"},"ClusterRegistrationSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientRandom"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterLabels"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"map","[string]","string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationstatus"},"ClusterRegistrationStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"granted"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtoken"},"ClusterRegistrationToken"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ttl"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"expires"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterspec"},"ClusterSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kubeConfigSecret"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"redeployAgentGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentEnvVars"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]v1.EnvVar"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentNamespace defaults to the system namespace, e.g. cattle-fleet-system"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"privateRepoURL"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterstatus"},"ClusterStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},'Namespace is the cluster namespace, it contains the clusters service account as well as any bundledeployments. Example: \\"cluster-fleet-local-cluster-294db1acfa77-d9ccf852678f\\"'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyGitRepos"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReadyGitRepos"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentEnvVarsHash"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentPrivateRepoURL"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentDeployedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentMigrated"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentNamespaceMigrated"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"cattleNamespaceMigrated"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterdisplay"},"ClusterDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agent"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#agentstatus"},"AgentStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")))}d.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[299],{3905:(t,e,a)=>{a.d(e,{Zo:()=>k,kt:()=>g});var n=a(7294);function l(t,e,a){return e in t?Object.defineProperty(t,e,{value:a,enumerable:!0,configurable:!0,writable:!0}):t[e]=a,t}function r(t,e){var a=Object.keys(t);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(t);e&&(n=n.filter((function(e){return Object.getOwnPropertyDescriptor(t,e).enumerable}))),a.push.apply(a,n)}return a}function i(t){for(var e=1;e=0||(l[a]=t[a]);return l}(t,e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(t);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(t,a)&&(l[a]=t[a])}return l}var m=n.createContext({}),u=function(t){var e=n.useContext(m),a=e;return t&&(a="function"==typeof t?t(e):i(i({},e),t)),a},k=function(t){var e=u(t.components);return n.createElement(m.Provider,{value:e},t.children)},d={inlineCode:"code",wrapper:function(t){var e=t.children;return n.createElement(n.Fragment,{},e)}},N=n.forwardRef((function(t,e){var a=t.components,l=t.mdxType,r=t.originalType,m=t.parentName,k=p(t,["components","mdxType","originalType","parentName"]),N=u(a),g=l,s=N["".concat(m,".").concat(g)]||N[g]||d[g]||r;return a?n.createElement(s,i(i({ref:e},k),{},{components:a})):n.createElement(s,i({ref:e},k))}));function g(t,e){var a=arguments,l=e&&e.mdxType;if("string"==typeof t||l){var r=a.length,i=new Array(r);i[0]=N;var p={};for(var m in e)hasOwnProperty.call(e,m)&&(p[m]=e[m]);p.originalType=t,p.mdxType="string"==typeof t?t:l,i[1]=p;for(var u=2;u{a.r(e),a.d(e,{assets:()=>m,contentTitle:()=>i,default:()=>d,frontMatter:()=>r,metadata:()=>p,toc:()=>u});var n=a(7462),l=(a(7294),a(3905));const r={},i="Custom Resources",p={unversionedId:"ref-crds",id:"ref-crds",title:"Custom Resources",description:"* GitRepo",source:"@site/docs/ref-crds.md",sourceDirName:".",slug:"/ref-crds",permalink:"/ref-crds",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-crds.md",tags:[],version:"current",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Registration",permalink:"/ref-registration"},next:{title:"fleet-agent",permalink:"/cli/fleet-agent/"}},m={},u=[{value:"GitRepo",id:"gitrepo",level:4},{value:"GitRepoDisplay",id:"gitrepodisplay",level:4},{value:"GitRepoResource",id:"gitreporesource",level:4},{value:"GitRepoResourceCounts",id:"gitreporesourcecounts",level:4},{value:"GitRepoRestriction",id:"gitreporestriction",level:4},{value:"GitRepoSpec",id:"gitrepospec",level:4},{value:"GitRepoStatus",id:"gitrepostatus",level:4},{value:"GitTarget",id:"gittarget",level:4},{value:"ResourcePerClusterState",id:"resourceperclusterstate",level:4},{value:"Bundle",id:"bundle",level:4},{value:"BundleDeployment",id:"bundledeployment",level:4},{value:"BundleDeploymentDisplay",id:"bundledeploymentdisplay",level:4},{value:"BundleDeploymentOptions",id:"bundledeploymentoptions",level:4},{value:"BundleDeploymentSpec",id:"bundledeploymentspec",level:4},{value:"BundleDeploymentStatus",id:"bundledeploymentstatus",level:4},{value:"BundleDisplay",id:"bundledisplay",level:4},{value:"BundleNamespaceMapping",id:"bundlenamespacemapping",level:4},{value:"BundleRef",id:"bundleref",level:4},{value:"BundleResource",id:"bundleresource",level:4},{value:"BundleSpec",id:"bundlespec",level:4},{value:"BundleStatus",id:"bundlestatus",level:4},{value:"BundleSummary",id:"bundlesummary",level:4},{value:"BundleTarget",id:"bundletarget",level:4},{value:"BundleTargetRestriction",id:"bundletargetrestriction",level:4},{value:"ComparePatch",id:"comparepatch",level:4},{value:"ConfigMapKeySelector",id:"configmapkeyselector",level:4},{value:"Content",id:"content",level:4},{value:"DiffOptions",id:"diffoptions",level:4},{value:"HelmOptions",id:"helmoptions",level:4},{value:"KustomizeOptions",id:"kustomizeoptions",level:4},{value:"LocalObjectReference",id:"localobjectreference",level:4},{value:"ModifiedStatus",id:"modifiedstatus",level:4},{value:"NonReadyResource",id:"nonreadyresource",level:4},{value:"NonReadyStatus",id:"nonreadystatus",level:4},{value:"Operation",id:"operation",level:4},{value:"Partition",id:"partition",level:4},{value:"PartitionStatus",id:"partitionstatus",level:4},{value:"ResourceKey",id:"resourcekey",level:4},{value:"RolloutStrategy",id:"rolloutstrategy",level:4},{value:"SecretKeySelector",id:"secretkeyselector",level:4},{value:"ValuesFrom",id:"valuesfrom",level:4},{value:"YAMLOptions",id:"yamloptions",level:4},{value:"AlphabeticalPolicy",id:"alphabeticalpolicy",level:4},{value:"CommitSpec",id:"commitspec",level:4},{value:"ImagePolicyChoice",id:"imagepolicychoice",level:4},{value:"ImageScan",id:"imagescan",level:4},{value:"ImageScanSpec",id:"imagescanspec",level:4},{value:"ImageScanStatus",id:"imagescanstatus",level:4},{value:"SemVerPolicy",id:"semverpolicy",level:4},{value:"AgentStatus",id:"agentstatus",level:4},{value:"Cluster",id:"cluster",level:4},{value:"ClusterDisplay",id:"clusterdisplay",level:4},{value:"ClusterGroup",id:"clustergroup",level:4},{value:"ClusterGroupDisplay",id:"clustergroupdisplay",level:4},{value:"ClusterGroupSpec",id:"clustergroupspec",level:4},{value:"ClusterGroupStatus",id:"clustergroupstatus",level:4},{value:"ClusterRegistration",id:"clusterregistration",level:4},{value:"ClusterRegistrationSpec",id:"clusterregistrationspec",level:4},{value:"ClusterRegistrationStatus",id:"clusterregistrationstatus",level:4},{value:"ClusterRegistrationToken",id:"clusterregistrationtoken",level:4},{value:"ClusterRegistrationTokenSpec",id:"clusterregistrationtokenspec",level:4},{value:"ClusterRegistrationTokenStatus",id:"clusterregistrationtokenstatus",level:4},{value:"ClusterSpec",id:"clusterspec",level:4},{value:"ClusterStatus",id:"clusterstatus",level:4}],k={toc:u};function d(t){let{components:e,...a}=t;return(0,l.kt)("wrapper",(0,n.Z)({},k,a,{components:e,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"custom-resources"},"Custom Resources"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepo"},"GitRepo")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporestriction"},"GitRepoRestriction")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundle"},"Bundle")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeployment"},"BundleDeployment")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlenamespacemapping"},"BundleNamespaceMapping")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#content"},"Content")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescan"},"ImageScan")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#cluster"},"Cluster")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroup"},"ClusterGroup")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistration"},"ClusterRegistration")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtoken"},"ClusterRegistrationToken"))),(0,l.kt)("h1",{id:"sub-resources"},"Sub Resources"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepodisplay"},"GitRepoDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporesource"},"GitRepoResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepospec"},"GitRepoSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepostatus"},"GitRepoStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gittarget"},"GitTarget")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#resourceperclusterstate"},"ResourcePerClusterState")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentdisplay"},"BundleDeploymentDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentspec"},"BundleDeploymentSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentstatus"},"BundleDeploymentStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledisplay"},"BundleDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundleref"},"BundleRef")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundleresource"},"BundleResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlespec"},"BundleSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlestatus"},"BundleStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundletarget"},"BundleTarget")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundletargetrestriction"},"BundleTargetRestriction")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#comparepatch"},"ComparePatch")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#configmapkeyselector"},"ConfigMapKeySelector")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#diffoptions"},"DiffOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#helmoptions"},"HelmOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#kustomizeoptions"},"KustomizeOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#localobjectreference"},"LocalObjectReference")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#modifiedstatus"},"ModifiedStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#nonreadyresource"},"NonReadyResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#nonreadystatus"},"NonReadyStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#operation"},"Operation")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#partition"},"Partition")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#partitionstatus"},"PartitionStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#resourcekey"},"ResourceKey")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#rolloutstrategy"},"RolloutStrategy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#secretkeyselector"},"SecretKeySelector")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#valuesfrom"},"ValuesFrom")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#yamloptions"},"YAMLOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#alphabeticalpolicy"},"AlphabeticalPolicy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#commitspec"},"CommitSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagepolicychoice"},"ImagePolicyChoice")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescanspec"},"ImageScanSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescanstatus"},"ImageScanStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#semverpolicy"},"SemVerPolicy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#agentstatus"},"AgentStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterdisplay"},"ClusterDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupdisplay"},"ClusterGroupDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupspec"},"ClusterGroupSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupstatus"},"ClusterGroupStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationspec"},"ClusterRegistrationSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationstatus"},"ClusterRegistrationStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterspec"},"ClusterSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterstatus"},"ClusterStatus"))),(0,l.kt)("h4",{id:"gitrepo"},"GitRepo"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepospec"},"GitRepoSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepostatus"},"GitRepoStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepodisplay"},"GitRepoDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundleDeployments"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporesource"},"GitRepoResource"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"type"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"id"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"incompleteState"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"transitioning"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"perClusterState"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ResourcePerClusterState]","(#resourceperclusterstate)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporesourcecounts"},"GitRepoResourceCounts"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReady"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitApplied"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modified"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"orphaned"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"missing"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unknown"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"notReady"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporestriction"},"GitRepoRestriction"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultServiceAccount"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedServiceAccounts"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedRepoPatterns"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultClientSecretName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedClientSecretNames"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedTargetNamespaces"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepospec"},"GitRepoSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"repo"),(0,l.kt)("td",{parentName:"tr",align:null},"Repo is a URL to a git repo to clone and index"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"branch"),(0,l.kt)("td",{parentName:"tr",align:null},"Branch The git branch to follow"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"revision"),(0,l.kt)("td",{parentName:"tr",align:null},"Revision A specific commit or tag to operate on"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targetNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"Ensure that all resources are created in this namespace Any cluster scoped resource will be rejected if this is set Additionally this namespace will be created on demand"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientSecretName"),(0,l.kt)("td",{parentName:"tr",align:null},'ClientSecretName is the client secret to be used to connect to the repo It is expected the secret be of type \\"kubernetes.io/basic-auth\\" or \\"kubernetes.io/ssh-auth\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helmSecretName"),(0,l.kt)("td",{parentName:"tr",align:null},"HelmSecretName contains the auth secret for private helm repository"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"caBundle"),(0,l.kt)("td",{parentName:"tr",align:null},"CABundle is a PEM encoded CA bundle which will be used to validate the repo's certificate."),(0,l.kt)("td",{parentName:"tr",align:null},"[]byte"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"insecureSkipTLSVerify"),(0,l.kt)("td",{parentName:"tr",align:null},"InsecureSkipTLSverify will use insecure HTTPS to clone the repo."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paths"),(0,l.kt)("td",{parentName:"tr",align:null},"Paths is the directories relative to the git repo root that contain resources to be applied. Path globbing is support, for example ",'[\\"charts/*\\"]',' will match all folders as a subdirectory of charts/ If empty, \\"/\\" is the default'),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused this cause changes in Git to not be propagated down to the clusters but instead mark resources as OutOfSync"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"serviceAccount"),(0,l.kt)("td",{parentName:"tr",align:null},"ServiceAccount used in the downstream cluster for deployment"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targets"),(0,l.kt)("td",{parentName:"tr",align:null},"Targets is a list of target this repo will deploy to"),(0,l.kt)("td",{parentName:"tr",align:null},"[][GitTarget]","(#gittarget)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"pollingInterval"),(0,l.kt)("td",{parentName:"tr",align:null},"PollingInterval is how often to check git for new updates"),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"forceSyncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"Increment this number to force a redeployment of contents from Git"),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"imageScanInterval"),(0,l.kt)("td",{parentName:"tr",align:null},"ImageScanInterval is the interval of syncing scanned images and writing back to git repo"),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"imageScanCommit"),(0,l.kt)("td",{parentName:"tr",align:null},"Commit specifies how to commit to the git repo when new image is scanned and write back to git repo"),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#commitspec"},"CommitSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepostatus"},"GitRepoStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"commit"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReadyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"gitJobStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepodisplay"},"GitRepoDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resources"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][GitRepoResource]","(#gitreporesource)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceErrors"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastSyncedImageScanTime"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gittarget"},"GitTarget"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"resourceperclusterstate"},"ResourcePerClusterState"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"transitioning"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"patch"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterId"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundle"},"Bundle"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlespec"},"BundleSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlestatus"},"BundleStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeployment"},"BundleDeployment"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentspec"},"BundleDeploymentSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentstatus"},"BundleDeploymentStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentdisplay"},"BundleDeploymentDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"deployed"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"monitored"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentoptions"},"BundleDeploymentOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultNamespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kustomize"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#kustomizeoptions"},"KustomizeOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helm"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#helmoptions"},"HelmOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"serviceAccount"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"forceSyncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"yaml"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#yamloptions"},"YAMLOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"diff"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#diffoptions"},"DiffOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentspec"},"BundleDeploymentSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"stagedOptions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"stagedDeploymentID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"options"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"deploymentID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dependsOn"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][BundleRef]","(#bundleref)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentstatus"},"BundleDeploymentStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"appliedDeploymentID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"release"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonModified"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][NonReadyStatus]","(#nonreadystatus)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modifiedStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ModifiedStatus]","(#modifiedstatus)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentdisplay"},"BundleDeploymentDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"syncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledisplay"},"BundleDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlenamespacemapping"},"BundleNamespaceMapping"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"bundleSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespaceSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundleref"},"BundleRef"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"selector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundleresource"},"BundleResource"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"content"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"encoding"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlespec"},"BundleSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"BundleDeploymentOptions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"rolloutStrategy"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#rolloutstrategy"},"RolloutStrategy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resources"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][BundleResource]","(#bundleresource)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targets"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][BundleTarget]","(#bundletarget)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targetRestrictions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][BundleTargetRestriction]","(#bundletargetrestriction)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dependsOn"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][BundleRef]","(#bundleref)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlestatus"},"BundleStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"newlyCreated"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxNew"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"partitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][PartitionStatus]","(#partitionstatus)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledisplay"},"BundleDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceKey"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ResourceKey]","(#resourcekey)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlesummary"},"BundleSummary"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"notReady"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitApplied"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"errApplied"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"outOfSync"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modified"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"pending"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReady"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyResources"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][NonReadyResource]","(#nonreadyresource)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundletarget"},"BundleTarget"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"BundleDeploymentOptions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundletargetrestriction"},"BundleTargetRestriction"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"comparepatch"},"ComparePatch"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"operations"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][Operation]","(#operation)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"jsonPointers"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"configmapkeyselector"},"ConfigMapKeySelector"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"key"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"content"},"Content"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"content"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]byte"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"diffoptions"},"DiffOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"comparePatches"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ComparePatch]","(#comparepatch)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"helmoptions"},"HelmOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"chart"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"repo"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"releaseName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"version"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"timeoutSeconds"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"values"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"valuesFrom"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ValuesFrom]","(#valuesfrom)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"force"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"takeOwnership"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxHistory"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"valuesFiles"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"atomic"),(0,l.kt)("td",{parentName:"tr",align:null},"Atomic sets the --atomic flag when Helm is performing an upgrade"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"kustomizeoptions"},"KustomizeOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dir"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"localobjectreference"},"LocalObjectReference"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"modifiedstatus"},"ModifiedStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"missing"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"delete"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"patch"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"nonreadyresource"},"NonReadyResource"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"bundleState"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"BundleState"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modifiedStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ModifiedStatus]","(#modifiedstatus)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][NonReadyStatus]","(#nonreadystatus)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"nonreadystatus"},"NonReadyStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"uid"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"types.UID"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"summary.Summary"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"operation"},"Operation"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"op"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"path"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"value"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"partition"},"Partition"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"partitionstatus"},"PartitionStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"count"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"resourcekey"},"ResourceKey"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"rolloutstrategy"},"RolloutStrategy"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"autoPartitionSize"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"partitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][Partition]","(#partition)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"secretkeyselector"},"SecretKeySelector"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"key"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"valuesfrom"},"ValuesFrom"),(0,l.kt)("p",null,"Define helm values that can come from configmap, secret or external. Credit: ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439"},"https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439")),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"configMapKeyRef"),(0,l.kt)("td",{parentName:"tr",align:null},"The reference to a config map with release values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#configmapkeyselector"},"ConfigMapKeySelector")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretKeyRef"),(0,l.kt)("td",{parentName:"tr",align:null},"The reference to a secret with release values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#secretkeyselector"},"SecretKeySelector")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"yamloptions"},"YAMLOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"overlays"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"alphabeticalpolicy"},"AlphabeticalPolicy"),(0,l.kt)("p",null,"AlphabeticalPolicy specifices a alphabetical ordering policy."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"order"),(0,l.kt)("td",{parentName:"tr",align:null},"Order specifies the sorting order of the tags. Given the letters of the alphabet as tags, ascending order would select Z, and descending order would select A."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"commitspec"},"CommitSpec"),(0,l.kt)("p",null,"CommitSpec specifies how to commit changes to the git repository"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"authorName"),(0,l.kt)("td",{parentName:"tr",align:null},"AuthorName gives the name to provide when making a commit"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"authorEmail"),(0,l.kt)("td",{parentName:"tr",align:null},"AuthorEmail gives the email to provide when making a commit"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"messageTemplate"),(0,l.kt)("td",{parentName:"tr",align:null},"MessageTemplate provides a template for the commit message, into which will be interpolated the details of the change made."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagepolicychoice"},"ImagePolicyChoice"),(0,l.kt)("p",null,"ImagePolicyChoice is a union of all the types of policy that can be supplied."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"semver"),(0,l.kt)("td",{parentName:"tr",align:null},"SemVer gives a semantic version range to check against the tags available."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#semverpolicy"},"SemVerPolicy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"alphabetical"),(0,l.kt)("td",{parentName:"tr",align:null},"Alphabetical set of rules to use for alphabetical ordering of the tags."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#alphabeticalpolicy"},"AlphabeticalPolicy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescan"},"ImageScan"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagescanspec"},"ImageScanSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagescanstatus"},"ImageScanStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescanspec"},"ImageScanSpec"),(0,l.kt)("p",null,"API is taken from ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/fluxcd/image-reflector-controller"},"https://github.com/fluxcd/image-reflector-controller")),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"tagName"),(0,l.kt)("td",{parentName:"tr",align:null},"TagName is the tag ref that needs to be put in manifest to replace fields"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"gitrepoName"),(0,l.kt)("td",{parentName:"tr",align:null},"GitRepo reference name"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"image"),(0,l.kt)("td",{parentName:"tr",align:null},"Image is the name of the image repository"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"interval"),(0,l.kt)("td",{parentName:"tr",align:null},"Interval is the length of time to wait between scans of the image repository."),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretRef"),(0,l.kt)("td",{parentName:"tr",align:null},"SecretRef can be given the name of a secret containing credentials to use for the image registry. The secret should be created with ",(0,l.kt)("inlineCode",{parentName:"td"},"kubectl create secret docker-registry"),", or the equivalent."),(0,l.kt)("td",{parentName:"tr",align:null},"*corev1.LocalObjectReference"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"suspend"),(0,l.kt)("td",{parentName:"tr",align:null},"This flag tells the controller to suspend subsequent image scans. It does not apply to already started scans. Defaults to false."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"policy"),(0,l.kt)("td",{parentName:"tr",align:null},"Policy gives the particulars of the policy to be followed in selecting the most recent image"),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagepolicychoice"},"ImagePolicyChoice")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescanstatus"},"ImageScanStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastScanTime"),(0,l.kt)("td",{parentName:"tr",align:null},"LastScanTime is the last time image was scanned"),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestImage"),(0,l.kt)("td",{parentName:"tr",align:null},"LatestImage gives the first in the list of images scanned by the image repository, when filtered and ordered according to the policy."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestTag"),(0,l.kt)("td",{parentName:"tr",align:null},"Latest tag is the latest tag filtered by the policy"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestDigest"),(0,l.kt)("td",{parentName:"tr",align:null},"LatestDigest is the digest of latest tag"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"canonicalImageName"),(0,l.kt)("td",{parentName:"tr",align:null},"CannonicalName is the name of the image repository with all the implied bits made explicit; e.g., ",(0,l.kt)("inlineCode",{parentName:"td"},"docker.io/library/alpine")," rather than ",(0,l.kt)("inlineCode",{parentName:"td"},"alpine"),"."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"semverpolicy"},"SemVerPolicy"),(0,l.kt)("p",null,"SemVerPolicy specifices a semantic version policy."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"range"),(0,l.kt)("td",{parentName:"tr",align:null},"Range gives a semver range for the image tag; the highest version within the range that's a tag yields the latest image."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"agentstatus"},"AgentStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastSeen"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyNodes"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodes"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyNodeNames"),(0,l.kt)("td",{parentName:"tr",align:null},"At most 3 nodes"),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodeNames"),(0,l.kt)("td",{parentName:"tr",align:null},"At most 3 nodes"),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"cluster"},"Cluster"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterspec"},"ClusterSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterstatus"},"ClusterStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterdisplay"},"ClusterDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundles"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodes"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"sampleNode"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroup"},"ClusterGroup"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupspec"},"ClusterGroupSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupstatus"},"ClusterGroupStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupdisplay"},"ClusterGroupDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundles"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupspec"},"ClusterGroupSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"selector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupstatus"},"ClusterGroupStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterCount"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyClusterCount"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupdisplay"},"ClusterGroupDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistration"},"ClusterRegistration"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationspec"},"ClusterRegistrationSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationstatus"},"ClusterRegistrationStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationspec"},"ClusterRegistrationSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientRandom"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterLabels"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"map","[string]","string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationstatus"},"ClusterRegistrationStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"granted"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtoken"},"ClusterRegistrationToken"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ttl"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"expires"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterspec"},"ClusterSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kubeConfigSecret"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"redeployAgentGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentEnvVars"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]v1.EnvVar"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentNamespace defaults to the system namespace, e.g. cattle-fleet-system"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"privateRepoURL"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterstatus"},"ClusterStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},'Namespace is the cluster namespace, it contains the clusters service account as well as any bundledeployments. Example: \\"cluster-fleet-local-cluster-294db1acfa77-d9ccf852678f\\"'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyGitRepos"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReadyGitRepos"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentEnvVarsHash"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentPrivateRepoURL"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentDeployedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentMigrated"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentNamespaceMigrated"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"cattleNamespaceMigrated"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterdisplay"},"ClusterDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agent"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#agentstatus"},"AgentStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/e0636556.cd2066ec.js b/assets/js/e0636556.382874e2.js similarity index 98% rename from assets/js/e0636556.cd2066ec.js rename to assets/js/e0636556.382874e2.js index bb094f553..71b029301 100644 --- a/assets/js/e0636556.cd2066ec.js +++ b/assets/js/e0636556.382874e2.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6418],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(n),m=a,f=d["".concat(l,".").concat(m)]||d[m]||p[m]||o;return n?r.createElement(f,i(i({ref:t},u),{},{components:n})):r.createElement(f,i({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},i="Overview",s={unversionedId:"index",id:"version-0.5/index",title:"Overview",description:"What is Fleet?",source:"@site/versioned_docs/version-0.5/index.md",sourceDirName:".",slug:"/",permalink:"/0.5/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/index.md",tags:[],version:"0.5",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",next:{title:"Quick Start",permalink:"/0.5/quickstart"}},l={},c=[{value:"What is Fleet?",id:"what-is-fleet",level:3},{value:"Configuration Management",id:"configuration-management",level:3}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"overview"},"Overview"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,a.kt)("h3",{id:"what-is-fleet"},"What is Fleet?"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster engine"),": Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through ",(0,a.kt)("strong",{parentName:"p"},"GitOps"),". Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Deployment management"),": Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users have a high degree of control, consistency, and auditability."))),(0,a.kt)("h3",{id:"configuration-management"},"Configuration Management"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes ",(0,a.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/concepts/"},"custom resource definitions (CRDs)")," and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point."))}p.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6418],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(n),m=a,f=d["".concat(l,".").concat(m)]||d[m]||p[m]||o;return n?r.createElement(f,i(i({ref:t},u),{},{components:n})):r.createElement(f,i({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},i="Overview",s={unversionedId:"index",id:"version-0.5/index",title:"Overview",description:"What is Fleet?",source:"@site/versioned_docs/version-0.5/index.md",sourceDirName:".",slug:"/",permalink:"/0.5/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/index.md",tags:[],version:"0.5",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",next:{title:"Quick Start",permalink:"/0.5/quickstart"}},l={},c=[{value:"What is Fleet?",id:"what-is-fleet",level:3},{value:"Configuration Management",id:"configuration-management",level:3}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"overview"},"Overview"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,a.kt)("h3",{id:"what-is-fleet"},"What is Fleet?"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster engine"),": Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through ",(0,a.kt)("strong",{parentName:"p"},"GitOps"),". Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Deployment management"),": Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users have a high degree of control, consistency, and auditability."))),(0,a.kt)("h3",{id:"configuration-management"},"Configuration Management"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes ",(0,a.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/concepts/"},"custom resource definitions (CRDs)")," and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point."))}p.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file diff --git a/assets/js/e252aa27.fd8378ca.js b/assets/js/e252aa27.8a8451ed.js similarity index 98% rename from assets/js/e252aa27.fd8378ca.js rename to assets/js/e252aa27.8a8451ed.js index b370bfad4..47581dad3 100644 --- a/assets/js/e252aa27.fd8378ca.js +++ b/assets/js/e252aa27.8a8451ed.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5854],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),c=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=c(e.components);return a.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,i=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(n),m=r,k=d["".concat(l,".").concat(m)]||d[m]||p[m]||i;return n?a.createElement(k,o(o({ref:t},u),{},{components:n})):a.createElement(k,o({ref:t},u))}));function m(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=n.length,o=new Array(i);o[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,o[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>s,toc:()=>c});var a=n(7462),r=(n(7294),n(3905));const i={},o="Cluster Registration Tokens",s={unversionedId:"cluster-tokens",id:"version-0.5/cluster-tokens",title:"Cluster Registration Tokens",description:"Not needed for Manager initiated registration:",source:"@site/versioned_docs/version-0.5/cluster-tokens.md",sourceDirName:".",slug:"/cluster-tokens",permalink:"/0.5/cluster-tokens",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/cluster-tokens.md",tags:[],version:"0.5",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Overview",permalink:"/0.5/cluster-overview"},next:{title:"Agent Initiated",permalink:"/0.5/agent-initiated"}},l={},c=[{value:"Token TTL",id:"token-ttl",level:2},{value:"Create a new Token",id:"create-a-new-token",level:2},{value:"Obtaining Token Value (Agent values.yaml)",id:"obtaining-token-value-agent-valuesyaml",level:2}],u={toc:c};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"cluster-registration-tokens"},"Cluster Registration Tokens"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Not needed for Manager initiated registration"),":\nFor manager initiated registrations the token is managed by the Fleet manager and does\nnot need to be manually created and obtained.")),(0,r.kt)("p",null,"For an agent initiated registration the downstream cluster must have a cluster registration token.\nCluster registration tokens are used to establish a new identity for a cluster. Internally\ncluster registration tokens are managed by creating Kubernetes service accounts that have the\npermissions to create ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationRequests")," within a specific namespace. Once the\ncluster is registered a new ",(0,r.kt)("inlineCode",{parentName:"p"},"ServiceAccount")," is created for that cluster that is used as\nthe unique identity of the cluster. The agent is designed to forget the cluster registration\ntoken after registration. While the agent will not maintain a reference to the cluster registration\ntoken after a successful registration please note that usually other system bootstrap scripts do."),(0,r.kt)("p",null,"Since the cluster registration token is forgotten, if you need to re-register a cluster you must\ngive the cluster a new registration token."),(0,r.kt)("h2",{id:"token-ttl"},"Token TTL"),(0,r.kt)("p",null,"Cluster registration tokens can be reused by any cluster in a namespace. The tokens can be given a TTL\nsuch that it will expire after a specific time."),(0,r.kt)("h2",{id:"create-a-new-token"},"Create a new Token"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistationToken")," is a namespaced type and should be created in the same namespace\nin which you will create ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resources. For in depth details on how namespaces\nare used in Fleet refer to the documentation on ",(0,r.kt)("a",{parentName:"p",href:"/0.5/namespaces"},"namespaces"),". Create a new\ntoken with the below YAML."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: ClusterRegistrationToken\napiVersion: "fleet.cattle.io/v1alpha1"\nmetadata:\n name: new-token\n namespace: clusters\nspec:\n # A duration string for how long this token is valid for. A value <= 0 or null means infinite time.\n ttl: 240h\n')),(0,r.kt)("p",null,"After the ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationToken")," is created, Fleet will create a corresponding ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," with the same name.\nAs the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," creation is performed asynchronously, you will need to wait until it's available before using it."),(0,r.kt)("p",null,"One way to do so is via the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"while ! kubectl --namespace=clusters get secret new-token; do sleep 5; done\n")),(0,r.kt)("h2",{id:"obtaining-token-value-agent-valuesyaml"},"Obtaining Token Value (Agent values.yaml)"),(0,r.kt)("p",null,"The token value contains YAML content for a ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that is expected to be passed to ",(0,r.kt)("inlineCode",{parentName:"p"},"helm install"),"\nto install the Fleet agent on a downstream cluster."),(0,r.kt)("p",null,"Such value is contained in the ",(0,r.kt)("inlineCode",{parentName:"p"},"values")," field of the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," mentioned above. To obtain the YAML content for the\nabove example one can run the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml\n")),(0,r.kt)("p",null,"Once the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," is ready it can be used repeatedly by clusters to register until the TTL expires."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5854],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),c=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=c(e.components);return a.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,i=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(n),m=r,k=d["".concat(l,".").concat(m)]||d[m]||p[m]||i;return n?a.createElement(k,o(o({ref:t},u),{},{components:n})):a.createElement(k,o({ref:t},u))}));function m(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=n.length,o=new Array(i);o[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,o[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>s,toc:()=>c});var a=n(7462),r=(n(7294),n(3905));const i={},o="Cluster Registration Tokens",s={unversionedId:"cluster-tokens",id:"version-0.5/cluster-tokens",title:"Cluster Registration Tokens",description:"Not needed for Manager initiated registration:",source:"@site/versioned_docs/version-0.5/cluster-tokens.md",sourceDirName:".",slug:"/cluster-tokens",permalink:"/0.5/cluster-tokens",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/cluster-tokens.md",tags:[],version:"0.5",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Overview",permalink:"/0.5/cluster-overview"},next:{title:"Agent Initiated",permalink:"/0.5/agent-initiated"}},l={},c=[{value:"Token TTL",id:"token-ttl",level:2},{value:"Create a new Token",id:"create-a-new-token",level:2},{value:"Obtaining Token Value (Agent values.yaml)",id:"obtaining-token-value-agent-valuesyaml",level:2}],u={toc:c};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"cluster-registration-tokens"},"Cluster Registration Tokens"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Not needed for Manager initiated registration"),":\nFor manager initiated registrations the token is managed by the Fleet manager and does\nnot need to be manually created and obtained.")),(0,r.kt)("p",null,"For an agent initiated registration the downstream cluster must have a cluster registration token.\nCluster registration tokens are used to establish a new identity for a cluster. Internally\ncluster registration tokens are managed by creating Kubernetes service accounts that have the\npermissions to create ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationRequests")," within a specific namespace. Once the\ncluster is registered a new ",(0,r.kt)("inlineCode",{parentName:"p"},"ServiceAccount")," is created for that cluster that is used as\nthe unique identity of the cluster. The agent is designed to forget the cluster registration\ntoken after registration. While the agent will not maintain a reference to the cluster registration\ntoken after a successful registration please note that usually other system bootstrap scripts do."),(0,r.kt)("p",null,"Since the cluster registration token is forgotten, if you need to re-register a cluster you must\ngive the cluster a new registration token."),(0,r.kt)("h2",{id:"token-ttl"},"Token TTL"),(0,r.kt)("p",null,"Cluster registration tokens can be reused by any cluster in a namespace. The tokens can be given a TTL\nsuch that it will expire after a specific time."),(0,r.kt)("h2",{id:"create-a-new-token"},"Create a new Token"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistationToken")," is a namespaced type and should be created in the same namespace\nin which you will create ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resources. For in depth details on how namespaces\nare used in Fleet refer to the documentation on ",(0,r.kt)("a",{parentName:"p",href:"/0.5/namespaces"},"namespaces"),". Create a new\ntoken with the below YAML."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: ClusterRegistrationToken\napiVersion: "fleet.cattle.io/v1alpha1"\nmetadata:\n name: new-token\n namespace: clusters\nspec:\n # A duration string for how long this token is valid for. A value <= 0 or null means infinite time.\n ttl: 240h\n')),(0,r.kt)("p",null,"After the ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationToken")," is created, Fleet will create a corresponding ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," with the same name.\nAs the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," creation is performed asynchronously, you will need to wait until it's available before using it."),(0,r.kt)("p",null,"One way to do so is via the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"while ! kubectl --namespace=clusters get secret new-token; do sleep 5; done\n")),(0,r.kt)("h2",{id:"obtaining-token-value-agent-valuesyaml"},"Obtaining Token Value (Agent values.yaml)"),(0,r.kt)("p",null,"The token value contains YAML content for a ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that is expected to be passed to ",(0,r.kt)("inlineCode",{parentName:"p"},"helm install"),"\nto install the Fleet agent on a downstream cluster."),(0,r.kt)("p",null,"Such value is contained in the ",(0,r.kt)("inlineCode",{parentName:"p"},"values")," field of the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," mentioned above. To obtain the YAML content for the\nabove example one can run the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml\n")),(0,r.kt)("p",null,"Once the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," is ready it can be used repeatedly by clusters to register until the TTL expires."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/e3aa6547.70908871.js b/assets/js/e3aa6547.ee996040.js similarity index 98% rename from assets/js/e3aa6547.70908871.js rename to assets/js/e3aa6547.ee996040.js index 1a7058467..1a7c35188 100644 --- a/assets/js/e3aa6547.70908871.js +++ b/assets/js/e3aa6547.ee996040.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1462],{3905:(e,t,n)=>{n.d(t,{Zo:()=>m,kt:()=>u});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),c=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},m=function(e){var t=c(e.components);return a.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,o=e.originalType,l=e.parentName,m=s(e,["components","mdxType","originalType","parentName"]),d=c(n),u=r,g=d["".concat(l,".").concat(u)]||d[u]||p[u]||o;return n?a.createElement(g,i(i({ref:t},m),{},{components:n})):a.createElement(g,i({ref:t},m))}));function u(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var a=n(7462),r=(n(7294),n(3905));const o={},i="Image scan",s={unversionedId:"imagescan",id:"version-0.4/imagescan",title:"Image scan",description:"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,",source:"@site/versioned_docs/version-0.4/imagescan.md",sourceDirName:".",slug:"/imagescan",permalink:"/0.4/imagescan",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/imagescan.md",tags:[],version:"0.4",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Webhook",permalink:"/0.4/webhook"},next:{title:"Cluster and Bundle state",permalink:"/0.4/cluster-bundles-state"}},l={},c=[],m={toc:c};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},m,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"image-scan"},"Image scan"),(0,r.kt)("p",null,"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,\nwithout the need to manually update your manifests."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"This feature is considered as experimental feature.")),(0,r.kt)("p",null,"Go to ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and add the following section."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'imageScans:\n# specify the policy to retrieve images, can be semver or alphabetical order \n- policy: \n # if range is specified, it will take the latest image according to semver order in the range\n # for more details on how to use semver, see https://github.com/Masterminds/semver\n semver: \n range: "*" \n # can use ascending or descending order\n alphabetical:\n order: asc \n\n # specify images to scan\n image: "your.registry.com/repo/image" \n\n # Specify the tag name, it has to be unique in the same bundle\n tagName: test-scan\n\n # specify secret to pull image if in private registry\n secretRef:\n name: dockerhub-secret \n\n # Specify the scan interval\n interval: 5m \n')),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can create multiple image scans in fleet.yaml.")),(0,r.kt)("p",null,"Go to your manifest files and update the field that you want to replace. For example:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: redis-slave\nspec:\n selector:\n matchLabels:\n app: redis\n role: slave\n tier: backend\n replicas: 2\n template:\n metadata:\n labels:\n app: redis\n role: slave\n tier: backend\n spec:\n containers:\n - name: slave\n image: : # {"$imagescan": "test-scan"}\n resources:\n requests:\n cpu: 100m\n memory: 100Mi\n ports:\n - containerPort: 6379\n')),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"There are multiple form of tagName you can reference. For example"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan"}'),": Use full image name(foo/bar:tag)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:name"}'),": Only use image name without tag(foo/bar)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:tag"}'),": Only use image tag"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:digest"}'),": Use full image name with digest(foo/bar:",(0,r.kt)("a",{parentName:"p",href:"mailto:tag@sha256..."},"tag@sha256..."),")")),(0,r.kt)("p",null,"Create a GitRepo that includes your fleet.yaml"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-repo\n namespace: fleet-local\nspec:\n # change this to be your own repo\n repo: https://github.com/rancher/fleet-examples \n # define how long it will sync all the images and decide to apply change\n imageScanInterval: 5m \n # user must properly provide a secret that have write access to git repository\n clientSecretName: secret \n # specify the commit pattern\n imageScanCommit:\n authorName: foo\n authorEmail: foo@bar.com\n messageTemplate: "update image"\n')),(0,r.kt)("p",null,"Try pushing a new image tag, for example, ",(0,r.kt)("inlineCode",{parentName:"p"},":"),". Wait for a while and there should be a new commit pushed into your git repository to change tag in deployment.yaml.\nOnce change is made into git repository, fleet will read through the change and deploy the change into your cluster."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1462],{3905:(e,t,n)=>{n.d(t,{Zo:()=>m,kt:()=>u});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),c=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},m=function(e){var t=c(e.components);return a.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,o=e.originalType,l=e.parentName,m=s(e,["components","mdxType","originalType","parentName"]),d=c(n),u=r,g=d["".concat(l,".").concat(u)]||d[u]||p[u]||o;return n?a.createElement(g,i(i({ref:t},m),{},{components:n})):a.createElement(g,i({ref:t},m))}));function u(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var a=n(7462),r=(n(7294),n(3905));const o={},i="Image scan",s={unversionedId:"imagescan",id:"version-0.4/imagescan",title:"Image scan",description:"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,",source:"@site/versioned_docs/version-0.4/imagescan.md",sourceDirName:".",slug:"/imagescan",permalink:"/0.4/imagescan",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/imagescan.md",tags:[],version:"0.4",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Webhook",permalink:"/0.4/webhook"},next:{title:"Cluster and Bundle state",permalink:"/0.4/cluster-bundles-state"}},l={},c=[],m={toc:c};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},m,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"image-scan"},"Image scan"),(0,r.kt)("p",null,"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,\nwithout the need to manually update your manifests."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"This feature is considered as experimental feature.")),(0,r.kt)("p",null,"Go to ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and add the following section."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'imageScans:\n# specify the policy to retrieve images, can be semver or alphabetical order \n- policy: \n # if range is specified, it will take the latest image according to semver order in the range\n # for more details on how to use semver, see https://github.com/Masterminds/semver\n semver: \n range: "*" \n # can use ascending or descending order\n alphabetical:\n order: asc \n\n # specify images to scan\n image: "your.registry.com/repo/image" \n\n # Specify the tag name, it has to be unique in the same bundle\n tagName: test-scan\n\n # specify secret to pull image if in private registry\n secretRef:\n name: dockerhub-secret \n\n # Specify the scan interval\n interval: 5m \n')),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can create multiple image scans in fleet.yaml.")),(0,r.kt)("p",null,"Go to your manifest files and update the field that you want to replace. For example:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: redis-slave\nspec:\n selector:\n matchLabels:\n app: redis\n role: slave\n tier: backend\n replicas: 2\n template:\n metadata:\n labels:\n app: redis\n role: slave\n tier: backend\n spec:\n containers:\n - name: slave\n image: : # {"$imagescan": "test-scan"}\n resources:\n requests:\n cpu: 100m\n memory: 100Mi\n ports:\n - containerPort: 6379\n')),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"There are multiple form of tagName you can reference. For example"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan"}'),": Use full image name(foo/bar:tag)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:name"}'),": Only use image name without tag(foo/bar)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:tag"}'),": Only use image tag"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:digest"}'),": Use full image name with digest(foo/bar:",(0,r.kt)("a",{parentName:"p",href:"mailto:tag@sha256..."},"tag@sha256..."),")")),(0,r.kt)("p",null,"Create a GitRepo that includes your fleet.yaml"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-repo\n namespace: fleet-local\nspec:\n # change this to be your own repo\n repo: https://github.com/rancher/fleet-examples \n # define how long it will sync all the images and decide to apply change\n imageScanInterval: 5m \n # user must properly provide a secret that have write access to git repository\n clientSecretName: secret \n # specify the commit pattern\n imageScanCommit:\n authorName: foo\n authorEmail: foo@bar.com\n messageTemplate: "update image"\n')),(0,r.kt)("p",null,"Try pushing a new image tag, for example, ",(0,r.kt)("inlineCode",{parentName:"p"},":"),". Wait for a while and there should be a new commit pushed into your git repository to change tag in deployment.yaml.\nOnce change is made into git repository, fleet will read through the change and deploy the change into your cluster."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/ebf52154.0ffaed92.js b/assets/js/ebf52154.0ffaed92.js deleted file mode 100644 index 8523d2e37..000000000 --- a/assets/js/ebf52154.0ffaed92.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6393],{6828:(e,t,a)=>{a.d(t,{d:()=>l});const l={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.0/fleet-0.5.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.0/fleet-agent-0.5.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.0/fleet-crd-0.5.0.tgz"},next:{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0-alpha2/fleet-0.6.0-alpha2.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0-alpha2/fleet-agent-0.6.0-alpha2.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0-alpha2/fleet-crd-0.6.0-alpha2.tgz"}}},1453:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>d,contentTitle:()=>i,default:()=>h,frontMatter:()=>r,metadata:()=>c,toc:()=>p});var l=a(7462),n=(a(7294),a(3905)),s=a(6828),o=a(814);const r={},i="Quick Start",c={unversionedId:"quickstart",id:"version-0.5/quickstart",title:"Quick Start",description:"Who needs documentation, lets just run this thing!",source:"@site/versioned_docs/version-0.5/quickstart.md",sourceDirName:".",slug:"/quickstart",permalink:"/0.5/quickstart",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/quickstart.md",tags:[],version:"0.5",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Overview",permalink:"/0.5/"},next:{title:"Core Concepts",permalink:"/0.5/concepts"}},d={},p=[{value:"Install",id:"install",level:2},{value:"Add a Git Repo to watch",id:"add-a-git-repo-to-watch",level:2},{value:"Get Status",id:"get-status",level:2}],u={toc:p};function h(e){let{components:t,...a}=e;return(0,n.kt)("wrapper",(0,l.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"quick-start"},"Quick Start"),(0,n.kt)("p",null,"Who needs documentation, lets just run this thing!"),(0,n.kt)("h2",{id:"install"},"Install"),(0,n.kt)("p",null,"Get helm if you don't have it. Helm 3 is just a CLI and won't do bad insecure\nthings to your cluster."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,n.kt)("p",null,"Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)"),(0,n.kt)(o.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",s.d["v0.5"].fleetCRD,"\nhelm -n cattle-fleet-system install --create-namespace --wait \\\n fleet"," ",s.d["v0.5"].fleet),(0,n.kt)("h2",{id:"add-a-git-repo-to-watch"},"Add a Git Repo to watch"),(0,n.kt)("p",null,"Change ",(0,n.kt)("inlineCode",{parentName:"p"},"spec.repo")," to your git repo of choice. Kubernetes manifest files that should\nbe deployed should be in ",(0,n.kt)("inlineCode",{parentName:"p"},"/manifests")," in your repo."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},'cat > example.yaml << "EOF"\napiVersion: fleet.cattle.io/v1alpha1\nkind: GitRepo\nmetadata:\n name: sample\n # This namespace is special and auto-wired to deploy to the local cluster\n namespace: fleet-local\nspec:\n # Everything from this repo will be ran in this cluster. You trust me right?\n repo: "https://github.com/rancher/fleet-examples"\n paths:\n - simple\nEOF\n\nkubectl apply -f example.yaml\n')),(0,n.kt)("h2",{id:"get-status"},"Get Status"),(0,n.kt)("p",null,"Get status of what fleet is doing"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n fleet-local get fleet\n")),(0,n.kt)("p",null,"You should see something like this get created in your cluster."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"kubectl get deploy frontend\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY UP-TO-DATE AVAILABLE AGE\nfrontend 3/3 3 3 116m\n")),(0,n.kt)("p",null,"Enjoy and read the ",(0,n.kt)("a",{parentName:"p",href:"https://rancher.github.io/fleet"},"docs"),"."))}h.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/ebf52154.dc94694a.js b/assets/js/ebf52154.dc94694a.js new file mode 100644 index 000000000..339811f1a --- /dev/null +++ b/assets/js/ebf52154.dc94694a.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6393],{6828:(e,t,a)=>{a.d(t,{d:()=>l});const l={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.2/fleet-0.5.2.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.2/fleet-agent-0.5.2.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.2/fleet-crd-0.5.2.tgz"},next:{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0-rc.4/fleet-0.6.0-rc.4.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0-rc.4/fleet-agent-0.6.0-rc.4.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0-rc.4/fleet-crd-0.6.0-rc.4.tgz"}}},1453:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>d,contentTitle:()=>i,default:()=>h,frontMatter:()=>o,metadata:()=>c,toc:()=>p});var l=a(7462),n=(a(7294),a(3905)),s=a(6828),r=a(814);const o={},i="Quick Start",c={unversionedId:"quickstart",id:"version-0.5/quickstart",title:"Quick Start",description:"Who needs documentation, lets just run this thing!",source:"@site/versioned_docs/version-0.5/quickstart.md",sourceDirName:".",slug:"/quickstart",permalink:"/0.5/quickstart",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/quickstart.md",tags:[],version:"0.5",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Overview",permalink:"/0.5/"},next:{title:"Core Concepts",permalink:"/0.5/concepts"}},d={},p=[{value:"Install",id:"install",level:2},{value:"Add a Git Repo to watch",id:"add-a-git-repo-to-watch",level:2},{value:"Get Status",id:"get-status",level:2}],u={toc:p};function h(e){let{components:t,...a}=e;return(0,n.kt)("wrapper",(0,l.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"quick-start"},"Quick Start"),(0,n.kt)("p",null,"Who needs documentation, lets just run this thing!"),(0,n.kt)("h2",{id:"install"},"Install"),(0,n.kt)("p",null,"Get helm if you don't have it. Helm 3 is just a CLI and won't do bad insecure\nthings to your cluster."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,n.kt)("p",null,"Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)"),(0,n.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",s.d["v0.5"].fleetCRD,"\nhelm -n cattle-fleet-system install --create-namespace --wait \\\n fleet"," ",s.d["v0.5"].fleet),(0,n.kt)("h2",{id:"add-a-git-repo-to-watch"},"Add a Git Repo to watch"),(0,n.kt)("p",null,"Change ",(0,n.kt)("inlineCode",{parentName:"p"},"spec.repo")," to your git repo of choice. Kubernetes manifest files that should\nbe deployed should be in ",(0,n.kt)("inlineCode",{parentName:"p"},"/manifests")," in your repo."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},'cat > example.yaml << "EOF"\napiVersion: fleet.cattle.io/v1alpha1\nkind: GitRepo\nmetadata:\n name: sample\n # This namespace is special and auto-wired to deploy to the local cluster\n namespace: fleet-local\nspec:\n # Everything from this repo will be ran in this cluster. You trust me right?\n repo: "https://github.com/rancher/fleet-examples"\n paths:\n - simple\nEOF\n\nkubectl apply -f example.yaml\n')),(0,n.kt)("h2",{id:"get-status"},"Get Status"),(0,n.kt)("p",null,"Get status of what fleet is doing"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n fleet-local get fleet\n")),(0,n.kt)("p",null,"You should see something like this get created in your cluster."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"kubectl get deploy frontend\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY UP-TO-DATE AVAILABLE AGE\nfrontend 3/3 3 3 116m\n")),(0,n.kt)("p",null,"Enjoy and read the ",(0,n.kt)("a",{parentName:"p",href:"https://rancher.github.io/fleet"},"docs"),"."))}h.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/ecc84eb4.203ba1eb.js b/assets/js/ecc84eb4.203ba1eb.js new file mode 100644 index 000000000..29c222d7a --- /dev/null +++ b/assets/js/ecc84eb4.203ba1eb.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2323],{6828:(e,t,l)=>{l.d(t,{d:()=>s});const s={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.2/fleet-0.5.2.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.2/fleet-agent-0.5.2.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.2/fleet-crd-0.5.2.tgz"},next:{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0-rc.4/fleet-0.6.0-rc.4.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0-rc.4/fleet-agent-0.6.0-rc.4.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0-rc.4/fleet-crd-0.6.0-rc.4.tgz"}}},7234:(e,t,l)=>{l.r(t),l.d(t,{assets:()=>u,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>c,toc:()=>d});var s=l(7462),n=(l(7294),l(3905)),r=l(6828),a=l(814);const i={},o="Single Cluster Install",c={unversionedId:"single-cluster-install",id:"single-cluster-install",title:"Single Cluster Install",description:"In this use case you have only one cluster. The cluster will run both the Fleet",source:"@site/docs/single-cluster-install.md",sourceDirName:".",slug:"/single-cluster-install",permalink:"/single-cluster-install",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/single-cluster-install.md",tags:[],version:"current",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Installation",permalink:"/installation"},next:{title:"Multi Cluster Install",permalink:"/multi-cluster-install"}},u={},d=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Helm 3",id:"helm-3",level:3},{value:"Kubernetes",id:"kubernetes",level:3},{value:"Install",id:"install",level:2}],h={toc:d};function p(e){let{components:t,...i}=e;return(0,n.kt)("wrapper",(0,s.Z)({},h,i,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"single-cluster-install"},"Single Cluster Install"),(0,n.kt)("p",null,(0,n.kt)("img",{src:l(1313).Z,width:"520",height:"279"})),(0,n.kt)("p",null,"In this use case you have only one cluster. The cluster will run both the Fleet\nmanager and the Fleet agent. The cluster will communicate with Git server to\ndeploy resources to this local cluster. This is the simplest setup and very\nuseful for dev/test and small scale setups. This use case is supported as a valid\nuse case for production."),(0,n.kt)("h2",{id:"prerequisites"},"Prerequisites"),(0,n.kt)("h3",{id:"helm-3"},"Helm 3"),(0,n.kt)("p",null,"Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is\nfairly straight forward. To install the Helm 3 CLI follow the\n",(0,n.kt)("a",{parentName:"p",href:"https://helm.sh/docs/intro/install/"},"official install instructions"),". The TL;DR is"),(0,n.kt)("p",null,"macOS"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,n.kt)("p",null,"Windows"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"choco install kubernetes-helm\n")),(0,n.kt)("h3",{id:"kubernetes"},"Kubernetes"),(0,n.kt)("p",null,"Fleet is a controller running on a Kubernetes cluster so an existing cluster is required. For the\nsingle cluster use case you will install Fleet to the cluster which you intend to manage with GitOps.\nAny Kubernetes community supported version of Kubernetes will work, in practice this means 1.15 or greater."),(0,n.kt)("h2",{id:"install"},"Install"),(0,n.kt)("p",null,"Install the following two Helm charts."),(0,n.kt)("p",null,"First install the Fleet CustomResourcesDefintions."),(0,n.kt)(a.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",r.d.next.fleetCRD),(0,n.kt)("p",null,"Second install the Fleet controllers."),(0,n.kt)(a.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet"," ",r.d.next.fleet),(0,n.kt)("p",null,"Fleet should be ready to use now for single cluster. You can check the status of the Fleet controller pods by\nrunning the below commands."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,n.kt)("p",null,"You can now ",(0,n.kt)("a",{parentName:"p",href:"/gitrepo-add"},"register some git repos")," in the ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace to start deploying Kubernetes resources."))}p.isMDXComponent=!0},1313:(e,t,l)=>{l.d(t,{Z:()=>s});const s=l.p+"assets/images/single-cluster-72ee1a61547953f123dd741c02cd2017.png"}}]); \ No newline at end of file diff --git a/assets/js/ecc84eb4.ccbc51ec.js b/assets/js/ecc84eb4.ccbc51ec.js deleted file mode 100644 index 48b2cab2f..000000000 --- a/assets/js/ecc84eb4.ccbc51ec.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2323],{6828:(e,t,l)=>{l.d(t,{d:()=>s});const s={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.0/fleet-0.5.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.0/fleet-agent-0.5.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.0/fleet-crd-0.5.0.tgz"},next:{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0-alpha2/fleet-0.6.0-alpha2.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0-alpha2/fleet-agent-0.6.0-alpha2.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0-alpha2/fleet-crd-0.6.0-alpha2.tgz"}}},7234:(e,t,l)=>{l.r(t),l.d(t,{assets:()=>u,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>c,toc:()=>d});var s=l(7462),n=(l(7294),l(3905)),a=l(6828),r=l(814);const i={},o="Single Cluster Install",c={unversionedId:"single-cluster-install",id:"single-cluster-install",title:"Single Cluster Install",description:"In this use case you have only one cluster. The cluster will run both the Fleet",source:"@site/docs/single-cluster-install.md",sourceDirName:".",slug:"/single-cluster-install",permalink:"/single-cluster-install",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/single-cluster-install.md",tags:[],version:"current",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Installation",permalink:"/installation"},next:{title:"Multi Cluster Install",permalink:"/multi-cluster-install"}},u={},d=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Helm 3",id:"helm-3",level:3},{value:"Kubernetes",id:"kubernetes",level:3},{value:"Install",id:"install",level:2}],h={toc:d};function p(e){let{components:t,...i}=e;return(0,n.kt)("wrapper",(0,s.Z)({},h,i,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"single-cluster-install"},"Single Cluster Install"),(0,n.kt)("p",null,(0,n.kt)("img",{src:l(1313).Z,width:"520",height:"279"})),(0,n.kt)("p",null,"In this use case you have only one cluster. The cluster will run both the Fleet\nmanager and the Fleet agent. The cluster will communicate with Git server to\ndeploy resources to this local cluster. This is the simplest setup and very\nuseful for dev/test and small scale setups. This use case is supported as a valid\nuse case for production."),(0,n.kt)("h2",{id:"prerequisites"},"Prerequisites"),(0,n.kt)("h3",{id:"helm-3"},"Helm 3"),(0,n.kt)("p",null,"Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is\nfairly straight forward. To install the Helm 3 CLI follow the\n",(0,n.kt)("a",{parentName:"p",href:"https://helm.sh/docs/intro/install/"},"official install instructions"),". The TL;DR is"),(0,n.kt)("p",null,"macOS"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,n.kt)("p",null,"Windows"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"choco install kubernetes-helm\n")),(0,n.kt)("h3",{id:"kubernetes"},"Kubernetes"),(0,n.kt)("p",null,"Fleet is a controller running on a Kubernetes cluster so an existing cluster is required. For the\nsingle cluster use case you will install Fleet to the cluster which you intend to manage with GitOps.\nAny Kubernetes community supported version of Kubernetes will work, in practice this means 1.15 or greater."),(0,n.kt)("h2",{id:"install"},"Install"),(0,n.kt)("p",null,"Install the following two Helm charts."),(0,n.kt)("p",null,"First install the Fleet CustomResourcesDefintions."),(0,n.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",a.d.next.fleetCRD),(0,n.kt)("p",null,"Second install the Fleet controllers."),(0,n.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet"," ",a.d.next.fleet),(0,n.kt)("p",null,"Fleet should be ready to use now for single cluster. You can check the status of the Fleet controller pods by\nrunning the below commands."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,n.kt)("p",null,"You can now ",(0,n.kt)("a",{parentName:"p",href:"/gitrepo-add"},"register some git repos")," in the ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace to start deploying Kubernetes resources."))}p.isMDXComponent=!0},1313:(e,t,l)=>{l.d(t,{Z:()=>s});const s=l.p+"assets/images/single-cluster-72ee1a61547953f123dd741c02cd2017.png"}}]); \ No newline at end of file diff --git a/assets/js/f63438e5.6ddf727a.js b/assets/js/f63438e5.2ef4d035.js similarity index 98% rename from assets/js/f63438e5.6ddf727a.js rename to assets/js/f63438e5.2ef4d035.js index 5798811ac..6e628ff08 100644 --- a/assets/js/f63438e5.6ddf727a.js +++ b/assets/js/f63438e5.2ef4d035.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[665],{3905:(e,t,o)=>{o.d(t,{Zo:()=>u,kt:()=>h});var n=o(7294);function r(e,t,o){return t in e?Object.defineProperty(e,t,{value:o,enumerable:!0,configurable:!0,writable:!0}):e[t]=o,e}function a(e,t){var o=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),o.push.apply(o,n)}return o}function i(e){for(var t=1;t=0||(r[o]=e[o]);return r}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,o)&&(r[o]=e[o])}return r}var s=n.createContext({}),c=function(e){var t=n.useContext(s),o=t;return e&&(o="function"==typeof e?e(t):i(i({},t),e)),o},u=function(e){var t=c(e.components);return n.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var o=e.components,r=e.mdxType,a=e.originalType,s=e.parentName,u=l(e,["components","mdxType","originalType","parentName"]),d=c(o),h=r,b=d["".concat(s,".").concat(h)]||d[h]||p[h]||a;return o?n.createElement(b,i(i({ref:t},u),{},{components:o})):n.createElement(b,i({ref:t},u))}));function h(e,t){var o=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var a=o.length,i=new Array(a);i[0]=d;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l.mdxType="string"==typeof e?e:r,i[1]=l;for(var c=2;c{o.r(t),o.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>p,frontMatter:()=>a,metadata:()=>l,toc:()=>c});var n=o(7462),r=(o(7294),o(3905));const a={},i="Webhook",l={unversionedId:"webhook",id:"version-0.4/webhook",title:"Webhook",description:"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,",source:"@site/versioned_docs/version-0.4/webhook.md",sourceDirName:".",slug:"/webhook",permalink:"/0.4/webhook",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/webhook.md",tags:[],version:"0.4",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Generating Diffs for Modified GitRepos",permalink:"/0.4/bundle-diffs"},next:{title:"Image scan",permalink:"/0.4/imagescan"}},s={},c=[{value:"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service.",id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service",level:3},{value:"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example.",id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example",level:3},{value:"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.",id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system",level:3},{value:"4. Go to your git provider and test the connection. You should get a HTTP response code.",id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code",level:3}],u={toc:c};function p(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"webhook"},"Webhook"),(0,r.kt)("p",null,"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,\nGitLab, Bitbucket, Bitbucket Server and Gogs."),(0,r.kt)("h3",{id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service"},"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n name: webhook-ingress\n namespace: cattle-fleet-system\nspec:\n rules:\n - host: your.domain.com\n http:\n paths:\n - path: /\n pathType: Prefix\n backend:\n service:\n name: gitjob\n port:\n number: 80\n")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can configure ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/services-networking/ingress/#tls"},"TLS")," on ingress.")),(0,r.kt)("h3",{id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example"},"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example."),(0,r.kt)("p",null,(0,r.kt)("img",{src:o(696).Z,width:"1830",height:"1563"})),(0,r.kt)("p",null,"Configuring a secret is optional. This is used to validate the webhook payload as the payload should not be trusted by default.\nIf your webhook server is publicly accessible to the Internet, then it is recommended to configure the secret. If you do configure the\nsecret, follow step 3."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"only application/json is supported due to the limitation of webhook library.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"If you configured the webhook the polling interval will be automatically adjusted to 1 hour.")),(0,r.kt)("h3",{id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system"},"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called ",(0,r.kt)("inlineCode",{parentName:"h3"},"gitjob-webhook")," in ",(0,r.kt)("inlineCode",{parentName:"h3"},"cattle-fleet-system"),"."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"Provider"),(0,r.kt)("th",{parentName:"tr",align:null},"K8s Secret Key"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitHub"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"github"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitLab"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gitlab"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucket"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucketServer"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket-server"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"Gogs"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gogs"))))),(0,r.kt)("p",null,"For example, to create a secret containing a GitHub secret to validate the webhook payload, run:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue\n")),(0,r.kt)("h3",{id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code"},"4. Go to your git provider and test the connection. You should get a HTTP response code."))}p.isMDXComponent=!0},696:(e,t,o)=>{o.d(t,{Z:()=>n});const n=o.p+"assets/images/webhook-9c042ab211f1b5438bf70372e92ecdf7.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[665],{3905:(e,t,o)=>{o.d(t,{Zo:()=>u,kt:()=>h});var n=o(7294);function r(e,t,o){return t in e?Object.defineProperty(e,t,{value:o,enumerable:!0,configurable:!0,writable:!0}):e[t]=o,e}function a(e,t){var o=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),o.push.apply(o,n)}return o}function i(e){for(var t=1;t=0||(r[o]=e[o]);return r}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,o)&&(r[o]=e[o])}return r}var s=n.createContext({}),c=function(e){var t=n.useContext(s),o=t;return e&&(o="function"==typeof e?e(t):i(i({},t),e)),o},u=function(e){var t=c(e.components);return n.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var o=e.components,r=e.mdxType,a=e.originalType,s=e.parentName,u=l(e,["components","mdxType","originalType","parentName"]),d=c(o),h=r,b=d["".concat(s,".").concat(h)]||d[h]||p[h]||a;return o?n.createElement(b,i(i({ref:t},u),{},{components:o})):n.createElement(b,i({ref:t},u))}));function h(e,t){var o=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var a=o.length,i=new Array(a);i[0]=d;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l.mdxType="string"==typeof e?e:r,i[1]=l;for(var c=2;c{o.r(t),o.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>p,frontMatter:()=>a,metadata:()=>l,toc:()=>c});var n=o(7462),r=(o(7294),o(3905));const a={},i="Webhook",l={unversionedId:"webhook",id:"version-0.4/webhook",title:"Webhook",description:"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,",source:"@site/versioned_docs/version-0.4/webhook.md",sourceDirName:".",slug:"/webhook",permalink:"/0.4/webhook",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/webhook.md",tags:[],version:"0.4",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Generating Diffs for Modified GitRepos",permalink:"/0.4/bundle-diffs"},next:{title:"Image scan",permalink:"/0.4/imagescan"}},s={},c=[{value:"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service.",id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service",level:3},{value:"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example.",id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example",level:3},{value:"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.",id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system",level:3},{value:"4. Go to your git provider and test the connection. You should get a HTTP response code.",id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code",level:3}],u={toc:c};function p(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"webhook"},"Webhook"),(0,r.kt)("p",null,"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,\nGitLab, Bitbucket, Bitbucket Server and Gogs."),(0,r.kt)("h3",{id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service"},"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n name: webhook-ingress\n namespace: cattle-fleet-system\nspec:\n rules:\n - host: your.domain.com\n http:\n paths:\n - path: /\n pathType: Prefix\n backend:\n service:\n name: gitjob\n port:\n number: 80\n")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can configure ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/services-networking/ingress/#tls"},"TLS")," on ingress.")),(0,r.kt)("h3",{id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example"},"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example."),(0,r.kt)("p",null,(0,r.kt)("img",{src:o(696).Z,width:"1830",height:"1563"})),(0,r.kt)("p",null,"Configuring a secret is optional. This is used to validate the webhook payload as the payload should not be trusted by default.\nIf your webhook server is publicly accessible to the Internet, then it is recommended to configure the secret. If you do configure the\nsecret, follow step 3."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"only application/json is supported due to the limitation of webhook library.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"If you configured the webhook the polling interval will be automatically adjusted to 1 hour.")),(0,r.kt)("h3",{id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system"},"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called ",(0,r.kt)("inlineCode",{parentName:"h3"},"gitjob-webhook")," in ",(0,r.kt)("inlineCode",{parentName:"h3"},"cattle-fleet-system"),"."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"Provider"),(0,r.kt)("th",{parentName:"tr",align:null},"K8s Secret Key"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitHub"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"github"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitLab"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gitlab"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucket"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucketServer"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket-server"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"Gogs"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gogs"))))),(0,r.kt)("p",null,"For example, to create a secret containing a GitHub secret to validate the webhook payload, run:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue\n")),(0,r.kt)("h3",{id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code"},"4. Go to your git provider and test the connection. You should get a HTTP response code."))}p.isMDXComponent=!0},696:(e,t,o)=>{o.d(t,{Z:()=>n});const n=o.p+"assets/images/webhook-9c042ab211f1b5438bf70372e92ecdf7.png"}}]); \ No newline at end of file diff --git a/assets/js/f6748474.885a550c.js b/assets/js/f6748474.3f19249a.js similarity index 97% rename from assets/js/f6748474.885a550c.js rename to assets/js/f6748474.3f19249a.js index 17e27781a..d7d695402 100644 --- a/assets/js/f6748474.885a550c.js +++ b/assets/js/f6748474.3f19249a.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4339],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>g});var n=r(7294);function i(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function a(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(i[r]=e[r]);return i}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(i[r]=e[r])}return i}var l=n.createContext({}),c=function(e){var t=n.useContext(l),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},u=function(e){var t=c(e.components);return n.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,i=e.mdxType,a=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(r),g=i,m=d["".concat(l,".").concat(g)]||d[g]||p[g]||a;return r?n.createElement(m,o(o({ref:t},u),{},{components:r})):n.createElement(m,o({ref:t},u))}));function g(e,t){var r=arguments,i=t&&t.mdxType;if("string"==typeof e||i){var a=r.length,o=new Array(a);o[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:i,o[1]=s;for(var c=2;c{r.r(t),r.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>a,metadata:()=>s,toc:()=>c});var n=r(7462),i=(r(7294),r(3905));const a={},o="Overview",s={unversionedId:"cluster-overview",id:"version-0.4/cluster-overview",title:"Overview",description:"There are two specific styles to registering clusters. These styles will be referred",source:"@site/versioned_docs/version-0.4/cluster-overview.md",sourceDirName:".",slug:"/cluster-overview",permalink:"/0.4/cluster-overview",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/cluster-overview.md",tags:[],version:"0.4",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Examples",permalink:"/0.4/examples"},next:{title:"Cluster Registration Tokens",permalink:"/0.4/cluster-tokens"}},l={},c=[{value:"Agent Initiated Registration",id:"agent-initiated-registration",level:2},{value:"Manager Initiated Registration",id:"manager-initiated-registration",level:2}],u={toc:c};function p(e){let{components:t,...r}=e;return(0,i.kt)("wrapper",(0,n.Z)({},u,r,{components:t,mdxType:"MDXLayout"}),(0,i.kt)("h1",{id:"overview"},"Overview"),(0,i.kt)("p",null,"There are two specific styles to registering clusters. These styles will be referred\nto as ",(0,i.kt)("strong",{parentName:"p"},"agent initiated")," and ",(0,i.kt)("strong",{parentName:"p"},"manager initiated")," registration. Typically one would\ngo with the agent initiated registration but there are specific use cases in which\nmanager initiated is a better workflow."),(0,i.kt)("h2",{id:"agent-initiated-registration"},"Agent Initiated Registration"),(0,i.kt)("p",null,"Agent initiated refers to a pattern in which the downstream cluster installs an agent with a\n",(0,i.kt)("a",{parentName:"p",href:"/0.4/cluster-tokens"},"cluster registration token")," and optionally a client ID. The cluster\nagent will then make a API request to the Fleet manager and initiate the registration process. Using\nthis process the Manager will never make an outbound API request to the downstream clusters and will thus\nnever need to have direct network access. The downstream cluster only needs to make outbound HTTPS\ncalls to the manager."),(0,i.kt)("h2",{id:"manager-initiated-registration"},"Manager Initiated Registration"),(0,i.kt)("p",null,"Manager initiated registration is a process in which you register an existing Kubernetes cluster\nwith the Fleet manager and the Fleet manager will make an API call to the downstream cluster to\ndeploy the agent. This style can place additional network access requirements because the Fleet\nmanager must be able to communicate with the downstream cluster API server for the registration process.\nAfter the cluster is registered there is no further need for the manager to contact the downstream\ncluster API. This style is more compatible if you wish to manage the creation of all your Kubernetes\nclusters through GitOps using something like ",(0,i.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),"\nor ",(0,i.kt)("a",{parentName:"p",href:"https://github.com/rancher/rancher"},"Rancher"),"."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4339],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>g});var n=r(7294);function i(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function a(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(i[r]=e[r]);return i}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(i[r]=e[r])}return i}var l=n.createContext({}),c=function(e){var t=n.useContext(l),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},u=function(e){var t=c(e.components);return n.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,i=e.mdxType,a=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(r),g=i,m=d["".concat(l,".").concat(g)]||d[g]||p[g]||a;return r?n.createElement(m,o(o({ref:t},u),{},{components:r})):n.createElement(m,o({ref:t},u))}));function g(e,t){var r=arguments,i=t&&t.mdxType;if("string"==typeof e||i){var a=r.length,o=new Array(a);o[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:i,o[1]=s;for(var c=2;c{r.r(t),r.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>a,metadata:()=>s,toc:()=>c});var n=r(7462),i=(r(7294),r(3905));const a={},o="Overview",s={unversionedId:"cluster-overview",id:"version-0.4/cluster-overview",title:"Overview",description:"There are two specific styles to registering clusters. These styles will be referred",source:"@site/versioned_docs/version-0.4/cluster-overview.md",sourceDirName:".",slug:"/cluster-overview",permalink:"/0.4/cluster-overview",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/cluster-overview.md",tags:[],version:"0.4",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Examples",permalink:"/0.4/examples"},next:{title:"Cluster Registration Tokens",permalink:"/0.4/cluster-tokens"}},l={},c=[{value:"Agent Initiated Registration",id:"agent-initiated-registration",level:2},{value:"Manager Initiated Registration",id:"manager-initiated-registration",level:2}],u={toc:c};function p(e){let{components:t,...r}=e;return(0,i.kt)("wrapper",(0,n.Z)({},u,r,{components:t,mdxType:"MDXLayout"}),(0,i.kt)("h1",{id:"overview"},"Overview"),(0,i.kt)("p",null,"There are two specific styles to registering clusters. These styles will be referred\nto as ",(0,i.kt)("strong",{parentName:"p"},"agent initiated")," and ",(0,i.kt)("strong",{parentName:"p"},"manager initiated")," registration. Typically one would\ngo with the agent initiated registration but there are specific use cases in which\nmanager initiated is a better workflow."),(0,i.kt)("h2",{id:"agent-initiated-registration"},"Agent Initiated Registration"),(0,i.kt)("p",null,"Agent initiated refers to a pattern in which the downstream cluster installs an agent with a\n",(0,i.kt)("a",{parentName:"p",href:"/0.4/cluster-tokens"},"cluster registration token")," and optionally a client ID. The cluster\nagent will then make a API request to the Fleet manager and initiate the registration process. Using\nthis process the Manager will never make an outbound API request to the downstream clusters and will thus\nnever need to have direct network access. The downstream cluster only needs to make outbound HTTPS\ncalls to the manager."),(0,i.kt)("h2",{id:"manager-initiated-registration"},"Manager Initiated Registration"),(0,i.kt)("p",null,"Manager initiated registration is a process in which you register an existing Kubernetes cluster\nwith the Fleet manager and the Fleet manager will make an API call to the downstream cluster to\ndeploy the agent. This style can place additional network access requirements because the Fleet\nmanager must be able to communicate with the downstream cluster API server for the registration process.\nAfter the cluster is registered there is no further need for the manager to contact the downstream\ncluster API. This style is more compatible if you wish to manage the creation of all your Kubernetes\nclusters through GitOps using something like ",(0,i.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),"\nor ",(0,i.kt)("a",{parentName:"p",href:"https://github.com/rancher/rancher"},"Rancher"),"."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/f7cf1511.b2410d57.js b/assets/js/f7cf1511.bd9dfa13.js similarity index 99% rename from assets/js/f7cf1511.b2410d57.js rename to assets/js/f7cf1511.bd9dfa13.js index e86fcd50d..db913889b 100644 --- a/assets/js/f7cf1511.b2410d57.js +++ b/assets/js/f7cf1511.bd9dfa13.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5225],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>u});var o=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);t&&(o=o.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,o)}return n}function r(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(o=0;o=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=o.createContext({}),c=function(e){var t=o.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):r(r({},t),e)),n},p=function(e){var t=c(e.components);return o.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return o.createElement(o.Fragment,{},t)}},h=o.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),h=c(n),u=a,m=h["".concat(s,".").concat(u)]||h[u]||d[u]||l;return n?o.createElement(m,r(r({ref:t},p),{},{components:n})):o.createElement(m,r({ref:t},p))}));function u(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,r=new Array(l);r[0]=h;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,r[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>r,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>c});var o=n(7462),a=(n(7294),n(3905));const l={},r="Troubleshooting",i={unversionedId:"troubleshooting",id:"version-0.5/troubleshooting",title:"Troubleshooting",description:"This section contains commands and tips to troubleshoot Fleet.",source:"@site/versioned_docs/version-0.5/troubleshooting.md",sourceDirName:".",slug:"/troubleshooting",permalink:"/0.5/troubleshooting",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/troubleshooting.md",tags:[],version:"0.5",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster and Bundle state",permalink:"/0.5/cluster-bundles-state"},next:{title:"Advanced Users",permalink:"/0.5/advanced-users"}},s={},c=[{value:"How Do I...",id:"how-do-i",level:2},{value:"Fetch the log from fleet-controller?",id:"fetch-the-log-from-fleet-controller",level:3},{value:"Fetch the log from the fleet-agent?",id:"fetch-the-log-from-the-fleet-agent",level:3},{value:"Fetch detailed error logs from GitRepos and Bundles?",id:"fetch-detailed-error-logs-from-gitrepos-and-bundles",level:3},{value:"Check a chart rendering error in Kustomize?",id:"check-a-chart-rendering-error-in-kustomize",level:3},{value:"Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?",id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml",level:3},{value:"Check the status of the fleet-controller?",id:"check-the-status-of-the-fleet-controller",level:3},{value:"Migrate the local cluster to the Fleet default cluster?",id:"migrate-the-local-cluster-to-the-fleet-default-cluster",level:3},{value:"Enable debug logging for fleet-controller and fleet-agent?",id:"enable-debug-logging-for-fleet-controller-and-fleet-agent",level:3},{value:"Additional Solutions for Other Fleet Issues",id:"additional-solutions-for-other-fleet-issues",level:2},{value:"Naming conventions for CRDs",id:"naming-conventions-for-crds",level:3},{value:"HTTP secrets in Github",id:"http-secrets-in-github",level:3},{value:"Fleet fails with bad response code: 403",id:"fleet-fails-with-bad-response-code-403",level:3},{value:"Helm chart repo: certificate signed by unknown authority",id:"helm-chart-repo-certificate-signed-by-unknown-authority",level:3},{value:"Fleet deployment stuck in modified state",id:"fleet-deployment-stuck-in-modified-state",level:3},{value:"GitRepo or Bundle stuck in modified state",id:"gitrepo-or-bundle-stuck-in-modified-state",level:3},{value:"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state",id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state",level:3},{value:"What if the cluster is unavailable, or is in a WaitCheckIn state?",id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state",level:3},{value:"GitRepo complains with gzip: invalid header",id:"gitrepo-complains-with-gzip-invalid-header",level:3}],p={toc:c};function d(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,o.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"troubleshooting"},"Troubleshooting"),(0,a.kt)("p",null,"This section contains commands and tips to troubleshoot Fleet."),(0,a.kt)("h2",{id:"how-do-i"},(0,a.kt)("strong",{parentName:"h2"},"How Do I...")),(0,a.kt)("h3",{id:"fetch-the-log-from-fleet-controller"},"Fetch the log from ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"In the local management cluster where the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is deployed, run the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -l app=fleet-controller -n cattle-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-the-log-from-the-fleet-agent"},"Fetch the log from the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Go to each downstream cluster and run the following command for the local cluster with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"# Downstream cluster\n$ kubectl logs -l app=fleet-agent -n cattle-fleet-system\n# Local cluster\n$ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-detailed-error-logs-from-gitrepos-and-bundles"},"Fetch detailed error logs from ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepos")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundles"),"?"),(0,a.kt)("p",null,"Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"For more information about the bundle, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"bundle"),", and the YAML mode will be enabled. "),(0,a.kt)("li",{parentName:"ul"},"For more information about the GitRepo, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),", then click on ",(0,a.kt)("inlineCode",{parentName:"li"},"View Yaml")," in the upper right of the screen. After viewing the YAML, check ",(0,a.kt)("inlineCode",{parentName:"li"},"status.conditions"),"; a detailed error message should be displayed here."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," for synching errors."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," log in the downstream cluster if you encounter issues when deploying the bundle.")),(0,a.kt)("h3",{id:"check-a-chart-rendering-error-in-kustomize"},"Check a chart rendering error in ",(0,a.kt)("inlineCode",{parentName:"h3"},"Kustomize"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.5/troubleshooting#fetch-the-log-from-fleet-controller"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-controller")," logs")," and the ",(0,a.kt)("a",{parentName:"p",href:"/0.5/troubleshooting#fetch-the-log-from-the-fleet-agent"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-agent")," logs"),"."),(0,a.kt)("h3",{id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml"},"Check errors about watching or checking out the ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo"),", or about the downloaded Helm repo in ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet.yaml"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob-controller")," logs using the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system\n")),(0,a.kt)("p",null,"Note that there are two containers inside the pod: the ",(0,a.kt)("inlineCode",{parentName:"p"},"step-git-source")," container that clones the git repo, and the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet")," container that applies bundles based on the git repo. "),(0,a.kt)("p",null,"The pods will usually have images named ",(0,a.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," with the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepo")," name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepoName")," pod name and namespace:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitRepoName-pod-name -n namespace\n")),(0,a.kt)("h3",{id:"check-the-status-of-the-fleet-controller"},"Check the status of the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"You can check the status of the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pods by running the commands below:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,a.kt)("h3",{id:"migrate-the-local-cluster-to-the-fleet-default-cluster"},"Migrate the local cluster to the Fleet default cluster?"),(0,a.kt)("p",null,"For users who want to deploy to the local cluster as well, they may move the cluster from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-local")," to ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-default")," in the Rancher UI as follows:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"To get to Fleet in Rancher, click \u2630 > Continuous Delivery."),(0,a.kt)("li",{parentName:"ul"},"Under the ",(0,a.kt)("strong",{parentName:"li"},"Clusters")," menu, select the ",(0,a.kt)("strong",{parentName:"li"},"local")," cluster by checking the box to the left."),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},"Assign to")," from the tabs above the cluster."),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"strong"},"fleet-default"))," from the ",(0,a.kt)("strong",{parentName:"li"},"Assign Cluster To")," dropdown.")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Result"),": The cluster will be migrated to ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-default"),"."),(0,a.kt)("h3",{id:"enable-debug-logging-for-fleet-controller-and-fleet-agent"},"Enable debug logging for ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added."),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Go to the ",(0,a.kt)("strong",{parentName:"li"},"Dashboard"),", then click on the ",(0,a.kt)("strong",{parentName:"li"},"local cluster")," in the left navigation menu "),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},"Apps & Marketplace"),", then ",(0,a.kt)("strong",{parentName:"li"},"Installed Apps")," from the dropdown "),(0,a.kt)("li",{parentName:"ul"},"From there, you will upgrade the Fleet chart with the value ",(0,a.kt)("inlineCode",{parentName:"li"},"debug=true"),". You can also set ",(0,a.kt)("inlineCode",{parentName:"li"},"debugLevel=5")," if desired.")),(0,a.kt)("h2",{id:"additional-solutions-for-other-fleet-issues"},(0,a.kt)("strong",{parentName:"h2"},"Additional Solutions for Other Fleet Issues")),(0,a.kt)("h3",{id:"naming-conventions-for-crds"},"Naming conventions for CRDs"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"For CRD terms like ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters")," and ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepos"),", you must reference the full CRD name. For example, the cluster CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"cluster.fleet.cattle.io"),", and the gitrepo CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo.fleet.cattle.io"),".")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"Bundles"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$gitrepoName-$path")," in the same workspace/namespace where the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," was created. Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$path")," is the path directory in the git repository that contains the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle")," (",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml"),").")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployments"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$bundleName-$clusterName")," in the namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters-$workspace-$cluster-$generateHash"),". Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$clusterName")," is the cluster to which the bundle will be deployed."))),(0,a.kt)("h3",{id:"http-secrets-in-github"},"HTTP secrets in Github"),(0,a.kt)("p",null,"When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"Create a ",(0,a.kt)("a",{parentName:"li",href:"https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token"},"personal access token")," in Github."),(0,a.kt)("li",{parentName:"ol"},"In Rancher, create an HTTP ",(0,a.kt)("a",{parentName:"li",href:"https://rancher.com/docs/rancher/v2.6/en/k8s-in-rancher/secrets/"},"secret")," with your Github username."),(0,a.kt)("li",{parentName:"ol"},"Use your token as the secret.")),(0,a.kt)("h3",{id:"fleet-fails-with-bad-response-code-403"},"Fleet fails with bad response code: 403"),(0,a.kt)("p",null,"If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your ",(0,a.kt)("a",{parentName:"p",href:"/0.5/gitrepo-structure"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet.yaml")),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"\n')),(0,a.kt)("p",null,"Perform the following steps to assess:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully"),(0,a.kt)("li",{parentName:"ul"},"Check that your credentials for the git repo are valid")),(0,a.kt)("h3",{id:"helm-chart-repo-certificate-signed-by-unknown-authority"},"Helm chart repo: certificate signed by unknown authority"),(0,a.kt)("p",null,"If your GitJob returns the error below, you may have added the wrong certificate chain:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-11T05:55:08Z" level=fatal msg="Get \\"https://helm.intra/virtual-helm/index.yaml\\": x509: certificate signed by unknown authority" \n')),(0,a.kt)("p",null,"Please verify your certificate with the following command:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"context=playground-local\nkubectl get secret -n fleet-default helm-repo -o jsonpath=\"{['data']['cacerts']}\" --context $context | base64 -d | openssl x509 -text -noout\nCertificate:\n Data:\n Version: 3 (0x2)\n Serial Number:\n 7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71\n Signature Algorithm: sha512WithRSAEncryption\n Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3\n...\n\n")),(0,a.kt)("h3",{id:"fleet-deployment-stuck-in-modified-state"},"Fleet deployment stuck in modified state"),(0,a.kt)("p",null,'When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.'),(0,a.kt)("p",null,"To ignore the modified flag for the differences between the Helm install generated by ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and the resource in your cluster, add a ",(0,a.kt)("inlineCode",{parentName:"p"},"diff.comparePatches")," to the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," for your Deployment, as shown in this example:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'defaultNamespace: \nhelm: \n releaseName: \n repo: \n chart: \ndiff: \n comparePatches: \n - apiVersion: apps/v1\n kind: Deployment\n operations:\n - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}\n jsonPointers: # jsonPointers allows to ignore diffs at certain json path\n - "/spec/template/spec/priorityClassName"\n - "/spec/template/spec/tolerations" \n')),(0,a.kt)("p",null,"To determine which operations should be removed, observe the logs from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," on the target cluster. You should see entries similar to the following:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-text"},'level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\\"spec\\":{\\"template\\":{\\"spec\\":{\\"hostNetwork\\":false}}}}"\n')),(0,a.kt)("p",null,"Based on the above log, you can add the following entry to remove the operation:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-json"},'{"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n')),(0,a.kt)("h3",{id:"gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundle")," stuck in modified state"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified")," means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository."),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.5/bundle-diffs"},"bundle diffs documentation")," for more information. ")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"You can also force update the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo")," to perform a manual resync. Select ",(0,a.kt)("strong",{parentName:"p"},"GitRepo")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update"),"."))),(0,a.kt)("h3",{id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state"},"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state"),(0,a.kt)("p",null,"For bundles with an HPA, the expected state is ",(0,a.kt)("inlineCode",{parentName:"p"},"Modified"),", as the bundle contains fields that differ from the state of the Bundle at deployment - usually ",(0,a.kt)("inlineCode",{parentName:"p"},"ReplicaSet"),"."),(0,a.kt)("p",null,"You must define a patch in the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to ignore this field according to ",(0,a.kt)("a",{parentName:"p",href:"#gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"a"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"a"},"Bundle")," stuck in modified state"),"."),(0,a.kt)("p",null,"Here is an example of such a patch for the deployment ",(0,a.kt)("inlineCode",{parentName:"p"},"nginx")," in namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"default"),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: nginx\n namespace: default\n operations:\n - {"op": "remove", "path": "/spec/replicas"}\n')),(0,a.kt)("h3",{id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state"},"What if the cluster is unavailable, or is in a ",(0,a.kt)("inlineCode",{parentName:"h3"},"WaitCheckIn")," state?"),(0,a.kt)("p",null,"You will need to re-import and restart the registration process: Select ",(0,a.kt)("strong",{parentName:"p"},"Cluster")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update")),(0,a.kt)("admonition",{type:"caution"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn status for Rancher v2.5"),":\nThe cluster will show in ",(0,a.kt)("inlineCode",{parentName:"p"},"WaitCheckIn")," status because the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the ",(0,a.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.5/en/installation/other-installation-methods/behind-proxy/install-rancher/#install-rancher"},"Rancher docs"),".")),(0,a.kt)("h3",{id:"gitrepo-complains-with-gzip-invalid-header"},"GitRepo complains with ",(0,a.kt)("inlineCode",{parentName:"h3"},"gzip: invalid header")),(0,a.kt)("p",null,"When you see an error like the one below ..."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-sh"},"Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header\n")),(0,a.kt)("p",null,"... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content."))}d.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5225],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>u});var o=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);t&&(o=o.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,o)}return n}function r(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(o=0;o=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=o.createContext({}),c=function(e){var t=o.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):r(r({},t),e)),n},p=function(e){var t=c(e.components);return o.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return o.createElement(o.Fragment,{},t)}},h=o.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),h=c(n),u=a,m=h["".concat(s,".").concat(u)]||h[u]||d[u]||l;return n?o.createElement(m,r(r({ref:t},p),{},{components:n})):o.createElement(m,r({ref:t},p))}));function u(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,r=new Array(l);r[0]=h;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,r[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>r,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>c});var o=n(7462),a=(n(7294),n(3905));const l={},r="Troubleshooting",i={unversionedId:"troubleshooting",id:"version-0.5/troubleshooting",title:"Troubleshooting",description:"This section contains commands and tips to troubleshoot Fleet.",source:"@site/versioned_docs/version-0.5/troubleshooting.md",sourceDirName:".",slug:"/troubleshooting",permalink:"/0.5/troubleshooting",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/troubleshooting.md",tags:[],version:"0.5",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster and Bundle state",permalink:"/0.5/cluster-bundles-state"},next:{title:"Advanced Users",permalink:"/0.5/advanced-users"}},s={},c=[{value:"How Do I...",id:"how-do-i",level:2},{value:"Fetch the log from fleet-controller?",id:"fetch-the-log-from-fleet-controller",level:3},{value:"Fetch the log from the fleet-agent?",id:"fetch-the-log-from-the-fleet-agent",level:3},{value:"Fetch detailed error logs from GitRepos and Bundles?",id:"fetch-detailed-error-logs-from-gitrepos-and-bundles",level:3},{value:"Check a chart rendering error in Kustomize?",id:"check-a-chart-rendering-error-in-kustomize",level:3},{value:"Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?",id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml",level:3},{value:"Check the status of the fleet-controller?",id:"check-the-status-of-the-fleet-controller",level:3},{value:"Migrate the local cluster to the Fleet default cluster?",id:"migrate-the-local-cluster-to-the-fleet-default-cluster",level:3},{value:"Enable debug logging for fleet-controller and fleet-agent?",id:"enable-debug-logging-for-fleet-controller-and-fleet-agent",level:3},{value:"Additional Solutions for Other Fleet Issues",id:"additional-solutions-for-other-fleet-issues",level:2},{value:"Naming conventions for CRDs",id:"naming-conventions-for-crds",level:3},{value:"HTTP secrets in Github",id:"http-secrets-in-github",level:3},{value:"Fleet fails with bad response code: 403",id:"fleet-fails-with-bad-response-code-403",level:3},{value:"Helm chart repo: certificate signed by unknown authority",id:"helm-chart-repo-certificate-signed-by-unknown-authority",level:3},{value:"Fleet deployment stuck in modified state",id:"fleet-deployment-stuck-in-modified-state",level:3},{value:"GitRepo or Bundle stuck in modified state",id:"gitrepo-or-bundle-stuck-in-modified-state",level:3},{value:"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state",id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state",level:3},{value:"What if the cluster is unavailable, or is in a WaitCheckIn state?",id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state",level:3},{value:"GitRepo complains with gzip: invalid header",id:"gitrepo-complains-with-gzip-invalid-header",level:3}],p={toc:c};function d(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,o.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"troubleshooting"},"Troubleshooting"),(0,a.kt)("p",null,"This section contains commands and tips to troubleshoot Fleet."),(0,a.kt)("h2",{id:"how-do-i"},(0,a.kt)("strong",{parentName:"h2"},"How Do I...")),(0,a.kt)("h3",{id:"fetch-the-log-from-fleet-controller"},"Fetch the log from ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"In the local management cluster where the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is deployed, run the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -l app=fleet-controller -n cattle-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-the-log-from-the-fleet-agent"},"Fetch the log from the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Go to each downstream cluster and run the following command for the local cluster with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"# Downstream cluster\n$ kubectl logs -l app=fleet-agent -n cattle-fleet-system\n# Local cluster\n$ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-detailed-error-logs-from-gitrepos-and-bundles"},"Fetch detailed error logs from ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepos")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundles"),"?"),(0,a.kt)("p",null,"Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"For more information about the bundle, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"bundle"),", and the YAML mode will be enabled. "),(0,a.kt)("li",{parentName:"ul"},"For more information about the GitRepo, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),", then click on ",(0,a.kt)("inlineCode",{parentName:"li"},"View Yaml")," in the upper right of the screen. After viewing the YAML, check ",(0,a.kt)("inlineCode",{parentName:"li"},"status.conditions"),"; a detailed error message should be displayed here."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," for synching errors."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," log in the downstream cluster if you encounter issues when deploying the bundle.")),(0,a.kt)("h3",{id:"check-a-chart-rendering-error-in-kustomize"},"Check a chart rendering error in ",(0,a.kt)("inlineCode",{parentName:"h3"},"Kustomize"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.5/troubleshooting#fetch-the-log-from-fleet-controller"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-controller")," logs")," and the ",(0,a.kt)("a",{parentName:"p",href:"/0.5/troubleshooting#fetch-the-log-from-the-fleet-agent"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-agent")," logs"),"."),(0,a.kt)("h3",{id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml"},"Check errors about watching or checking out the ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo"),", or about the downloaded Helm repo in ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet.yaml"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob-controller")," logs using the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system\n")),(0,a.kt)("p",null,"Note that there are two containers inside the pod: the ",(0,a.kt)("inlineCode",{parentName:"p"},"step-git-source")," container that clones the git repo, and the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet")," container that applies bundles based on the git repo. "),(0,a.kt)("p",null,"The pods will usually have images named ",(0,a.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," with the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepo")," name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepoName")," pod name and namespace:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitRepoName-pod-name -n namespace\n")),(0,a.kt)("h3",{id:"check-the-status-of-the-fleet-controller"},"Check the status of the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"You can check the status of the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pods by running the commands below:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,a.kt)("h3",{id:"migrate-the-local-cluster-to-the-fleet-default-cluster"},"Migrate the local cluster to the Fleet default cluster?"),(0,a.kt)("p",null,"For users who want to deploy to the local cluster as well, they may move the cluster from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-local")," to ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-default")," in the Rancher UI as follows:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"To get to Fleet in Rancher, click \u2630 > Continuous Delivery."),(0,a.kt)("li",{parentName:"ul"},"Under the ",(0,a.kt)("strong",{parentName:"li"},"Clusters")," menu, select the ",(0,a.kt)("strong",{parentName:"li"},"local")," cluster by checking the box to the left."),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},"Assign to")," from the tabs above the cluster."),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"strong"},"fleet-default"))," from the ",(0,a.kt)("strong",{parentName:"li"},"Assign Cluster To")," dropdown.")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Result"),": The cluster will be migrated to ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-default"),"."),(0,a.kt)("h3",{id:"enable-debug-logging-for-fleet-controller-and-fleet-agent"},"Enable debug logging for ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added."),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Go to the ",(0,a.kt)("strong",{parentName:"li"},"Dashboard"),", then click on the ",(0,a.kt)("strong",{parentName:"li"},"local cluster")," in the left navigation menu "),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},"Apps & Marketplace"),", then ",(0,a.kt)("strong",{parentName:"li"},"Installed Apps")," from the dropdown "),(0,a.kt)("li",{parentName:"ul"},"From there, you will upgrade the Fleet chart with the value ",(0,a.kt)("inlineCode",{parentName:"li"},"debug=true"),". You can also set ",(0,a.kt)("inlineCode",{parentName:"li"},"debugLevel=5")," if desired.")),(0,a.kt)("h2",{id:"additional-solutions-for-other-fleet-issues"},(0,a.kt)("strong",{parentName:"h2"},"Additional Solutions for Other Fleet Issues")),(0,a.kt)("h3",{id:"naming-conventions-for-crds"},"Naming conventions for CRDs"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"For CRD terms like ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters")," and ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepos"),", you must reference the full CRD name. For example, the cluster CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"cluster.fleet.cattle.io"),", and the gitrepo CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo.fleet.cattle.io"),".")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"Bundles"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$gitrepoName-$path")," in the same workspace/namespace where the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," was created. Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$path")," is the path directory in the git repository that contains the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle")," (",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml"),").")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployments"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$bundleName-$clusterName")," in the namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters-$workspace-$cluster-$generateHash"),". Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$clusterName")," is the cluster to which the bundle will be deployed."))),(0,a.kt)("h3",{id:"http-secrets-in-github"},"HTTP secrets in Github"),(0,a.kt)("p",null,"When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"Create a ",(0,a.kt)("a",{parentName:"li",href:"https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token"},"personal access token")," in Github."),(0,a.kt)("li",{parentName:"ol"},"In Rancher, create an HTTP ",(0,a.kt)("a",{parentName:"li",href:"https://rancher.com/docs/rancher/v2.6/en/k8s-in-rancher/secrets/"},"secret")," with your Github username."),(0,a.kt)("li",{parentName:"ol"},"Use your token as the secret.")),(0,a.kt)("h3",{id:"fleet-fails-with-bad-response-code-403"},"Fleet fails with bad response code: 403"),(0,a.kt)("p",null,"If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your ",(0,a.kt)("a",{parentName:"p",href:"/0.5/gitrepo-structure"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet.yaml")),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"\n')),(0,a.kt)("p",null,"Perform the following steps to assess:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully"),(0,a.kt)("li",{parentName:"ul"},"Check that your credentials for the git repo are valid")),(0,a.kt)("h3",{id:"helm-chart-repo-certificate-signed-by-unknown-authority"},"Helm chart repo: certificate signed by unknown authority"),(0,a.kt)("p",null,"If your GitJob returns the error below, you may have added the wrong certificate chain:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-11T05:55:08Z" level=fatal msg="Get \\"https://helm.intra/virtual-helm/index.yaml\\": x509: certificate signed by unknown authority" \n')),(0,a.kt)("p",null,"Please verify your certificate with the following command:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"context=playground-local\nkubectl get secret -n fleet-default helm-repo -o jsonpath=\"{['data']['cacerts']}\" --context $context | base64 -d | openssl x509 -text -noout\nCertificate:\n Data:\n Version: 3 (0x2)\n Serial Number:\n 7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71\n Signature Algorithm: sha512WithRSAEncryption\n Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3\n...\n\n")),(0,a.kt)("h3",{id:"fleet-deployment-stuck-in-modified-state"},"Fleet deployment stuck in modified state"),(0,a.kt)("p",null,'When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.'),(0,a.kt)("p",null,"To ignore the modified flag for the differences between the Helm install generated by ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and the resource in your cluster, add a ",(0,a.kt)("inlineCode",{parentName:"p"},"diff.comparePatches")," to the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," for your Deployment, as shown in this example:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'defaultNamespace: \nhelm: \n releaseName: \n repo: \n chart: \ndiff: \n comparePatches: \n - apiVersion: apps/v1\n kind: Deployment\n operations:\n - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}\n jsonPointers: # jsonPointers allows to ignore diffs at certain json path\n - "/spec/template/spec/priorityClassName"\n - "/spec/template/spec/tolerations" \n')),(0,a.kt)("p",null,"To determine which operations should be removed, observe the logs from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," on the target cluster. You should see entries similar to the following:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-text"},'level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\\"spec\\":{\\"template\\":{\\"spec\\":{\\"hostNetwork\\":false}}}}"\n')),(0,a.kt)("p",null,"Based on the above log, you can add the following entry to remove the operation:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-json"},'{"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n')),(0,a.kt)("h3",{id:"gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundle")," stuck in modified state"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified")," means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository."),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.5/bundle-diffs"},"bundle diffs documentation")," for more information. ")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"You can also force update the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo")," to perform a manual resync. Select ",(0,a.kt)("strong",{parentName:"p"},"GitRepo")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update"),"."))),(0,a.kt)("h3",{id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state"},"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state"),(0,a.kt)("p",null,"For bundles with an HPA, the expected state is ",(0,a.kt)("inlineCode",{parentName:"p"},"Modified"),", as the bundle contains fields that differ from the state of the Bundle at deployment - usually ",(0,a.kt)("inlineCode",{parentName:"p"},"ReplicaSet"),"."),(0,a.kt)("p",null,"You must define a patch in the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to ignore this field according to ",(0,a.kt)("a",{parentName:"p",href:"#gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"a"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"a"},"Bundle")," stuck in modified state"),"."),(0,a.kt)("p",null,"Here is an example of such a patch for the deployment ",(0,a.kt)("inlineCode",{parentName:"p"},"nginx")," in namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"default"),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: nginx\n namespace: default\n operations:\n - {"op": "remove", "path": "/spec/replicas"}\n')),(0,a.kt)("h3",{id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state"},"What if the cluster is unavailable, or is in a ",(0,a.kt)("inlineCode",{parentName:"h3"},"WaitCheckIn")," state?"),(0,a.kt)("p",null,"You will need to re-import and restart the registration process: Select ",(0,a.kt)("strong",{parentName:"p"},"Cluster")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update")),(0,a.kt)("admonition",{type:"caution"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn status for Rancher v2.5"),":\nThe cluster will show in ",(0,a.kt)("inlineCode",{parentName:"p"},"WaitCheckIn")," status because the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the ",(0,a.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.5/en/installation/other-installation-methods/behind-proxy/install-rancher/#install-rancher"},"Rancher docs"),".")),(0,a.kt)("h3",{id:"gitrepo-complains-with-gzip-invalid-header"},"GitRepo complains with ",(0,a.kt)("inlineCode",{parentName:"h3"},"gzip: invalid header")),(0,a.kt)("p",null,"When you see an error like the one below ..."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-sh"},"Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header\n")),(0,a.kt)("p",null,"... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content."))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/f8113afe.19783368.js b/assets/js/f8113afe.19783368.js new file mode 100644 index 000000000..eb0947e64 --- /dev/null +++ b/assets/js/f8113afe.19783368.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6957],{6828:(e,t,l)=>{l.d(t,{d:()=>s});const s={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.2/fleet-0.5.2.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.2/fleet-agent-0.5.2.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.2/fleet-crd-0.5.2.tgz"},next:{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0-rc.4/fleet-0.6.0-rc.4.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0-rc.4/fleet-agent-0.6.0-rc.4.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0-rc.4/fleet-crd-0.6.0-rc.4.tgz"}}},7600:(e,t,l)=>{l.r(t),l.d(t,{assets:()=>u,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>c,toc:()=>d});var s=l(7462),n=(l(7294),l(3905)),r=l(6828),a=l(814);const i={},o="Single Cluster Install",c={unversionedId:"single-cluster-install",id:"version-0.5/single-cluster-install",title:"Single Cluster Install",description:"In this use case you have only one cluster. The cluster will run both the Fleet",source:"@site/versioned_docs/version-0.5/single-cluster-install.md",sourceDirName:".",slug:"/single-cluster-install",permalink:"/0.5/single-cluster-install",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/single-cluster-install.md",tags:[],version:"0.5",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Installation",permalink:"/0.5/installation"},next:{title:"Multi Cluster Install",permalink:"/0.5/multi-cluster-install"}},u={},d=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Helm 3",id:"helm-3",level:3},{value:"Kubernetes",id:"kubernetes",level:3},{value:"Install",id:"install",level:2}],h={toc:d};function p(e){let{components:t,...i}=e;return(0,n.kt)("wrapper",(0,s.Z)({},h,i,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"single-cluster-install"},"Single Cluster Install"),(0,n.kt)("p",null,(0,n.kt)("img",{src:l(1313).Z,width:"520",height:"279"})),(0,n.kt)("p",null,"In this use case you have only one cluster. The cluster will run both the Fleet\nmanager and the Fleet agent. The cluster will communicate with Git server to\ndeploy resources to this local cluster. This is the simplest setup and very\nuseful for dev/test and small scale setups. This use case is supported as a valid\nuse case for production."),(0,n.kt)("h2",{id:"prerequisites"},"Prerequisites"),(0,n.kt)("h3",{id:"helm-3"},"Helm 3"),(0,n.kt)("p",null,"Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is\nfairly straight forward. To install the Helm 3 CLI follow the\n",(0,n.kt)("a",{parentName:"p",href:"https://helm.sh/docs/intro/install/"},"official install instructions"),". The TL;DR is"),(0,n.kt)("p",null,"macOS"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,n.kt)("p",null,"Windows"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"choco install kubernetes-helm\n")),(0,n.kt)("h3",{id:"kubernetes"},"Kubernetes"),(0,n.kt)("p",null,"Fleet is a controller running on a Kubernetes cluster so an existing cluster is required. For the\nsingle cluster use case you will install Fleet to the cluster which you intend to manage with GitOps.\nAny Kubernetes community supported version of Kubernetes will work, in practice this means 1.15 or greater."),(0,n.kt)("h2",{id:"install"},"Install"),(0,n.kt)("p",null,"Install the following two Helm charts."),(0,n.kt)("p",null,"First install the Fleet CustomResourcesDefintions."),(0,n.kt)(a.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",r.d["v0.5"].fleetCRD),(0,n.kt)("p",null,"Second install the Fleet controllers."),(0,n.kt)(a.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet"," ",r.d["v0.5"].fleet),(0,n.kt)("p",null,"Fleet should be ready to use now for single cluster. You can check the status of the Fleet controller pods by\nrunning the below commands."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,n.kt)("p",null,"You can now ",(0,n.kt)("a",{parentName:"p",href:"/0.5/gitrepo-add"},"register some git repos")," in the ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace to start deploying Kubernetes resources."))}p.isMDXComponent=!0},1313:(e,t,l)=>{l.d(t,{Z:()=>s});const s=l.p+"assets/images/single-cluster-72ee1a61547953f123dd741c02cd2017.png"}}]); \ No newline at end of file diff --git a/assets/js/f8113afe.7a35237f.js b/assets/js/f8113afe.7a35237f.js deleted file mode 100644 index ee3e23134..000000000 --- a/assets/js/f8113afe.7a35237f.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6957],{6828:(e,t,l)=>{l.d(t,{d:()=>s});const s={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.0/fleet-0.5.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.0/fleet-agent-0.5.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.0/fleet-crd-0.5.0.tgz"},next:{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0-alpha2/fleet-0.6.0-alpha2.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0-alpha2/fleet-agent-0.6.0-alpha2.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0-alpha2/fleet-crd-0.6.0-alpha2.tgz"}}},7600:(e,t,l)=>{l.r(t),l.d(t,{assets:()=>u,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>c,toc:()=>d});var s=l(7462),n=(l(7294),l(3905)),a=l(6828),r=l(814);const i={},o="Single Cluster Install",c={unversionedId:"single-cluster-install",id:"version-0.5/single-cluster-install",title:"Single Cluster Install",description:"In this use case you have only one cluster. The cluster will run both the Fleet",source:"@site/versioned_docs/version-0.5/single-cluster-install.md",sourceDirName:".",slug:"/single-cluster-install",permalink:"/0.5/single-cluster-install",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/single-cluster-install.md",tags:[],version:"0.5",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Installation",permalink:"/0.5/installation"},next:{title:"Multi Cluster Install",permalink:"/0.5/multi-cluster-install"}},u={},d=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Helm 3",id:"helm-3",level:3},{value:"Kubernetes",id:"kubernetes",level:3},{value:"Install",id:"install",level:2}],h={toc:d};function p(e){let{components:t,...i}=e;return(0,n.kt)("wrapper",(0,s.Z)({},h,i,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"single-cluster-install"},"Single Cluster Install"),(0,n.kt)("p",null,(0,n.kt)("img",{src:l(1313).Z,width:"520",height:"279"})),(0,n.kt)("p",null,"In this use case you have only one cluster. The cluster will run both the Fleet\nmanager and the Fleet agent. The cluster will communicate with Git server to\ndeploy resources to this local cluster. This is the simplest setup and very\nuseful for dev/test and small scale setups. This use case is supported as a valid\nuse case for production."),(0,n.kt)("h2",{id:"prerequisites"},"Prerequisites"),(0,n.kt)("h3",{id:"helm-3"},"Helm 3"),(0,n.kt)("p",null,"Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is\nfairly straight forward. To install the Helm 3 CLI follow the\n",(0,n.kt)("a",{parentName:"p",href:"https://helm.sh/docs/intro/install/"},"official install instructions"),". The TL;DR is"),(0,n.kt)("p",null,"macOS"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,n.kt)("p",null,"Windows"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"choco install kubernetes-helm\n")),(0,n.kt)("h3",{id:"kubernetes"},"Kubernetes"),(0,n.kt)("p",null,"Fleet is a controller running on a Kubernetes cluster so an existing cluster is required. For the\nsingle cluster use case you will install Fleet to the cluster which you intend to manage with GitOps.\nAny Kubernetes community supported version of Kubernetes will work, in practice this means 1.15 or greater."),(0,n.kt)("h2",{id:"install"},"Install"),(0,n.kt)("p",null,"Install the following two Helm charts."),(0,n.kt)("p",null,"First install the Fleet CustomResourcesDefintions."),(0,n.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",a.d["v0.5"].fleetCRD),(0,n.kt)("p",null,"Second install the Fleet controllers."),(0,n.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet"," ",a.d["v0.5"].fleet),(0,n.kt)("p",null,"Fleet should be ready to use now for single cluster. You can check the status of the Fleet controller pods by\nrunning the below commands."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,n.kt)("p",null,"You can now ",(0,n.kt)("a",{parentName:"p",href:"/0.5/gitrepo-add"},"register some git repos")," in the ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace to start deploying Kubernetes resources."))}p.isMDXComponent=!0},1313:(e,t,l)=>{l.d(t,{Z:()=>s});const s=l.p+"assets/images/single-cluster-72ee1a61547953f123dd741c02cd2017.png"}}]); \ No newline at end of file diff --git a/assets/js/f8909550.6787dd78.js b/assets/js/f8909550.a8df6b80.js similarity index 99% rename from assets/js/f8909550.6787dd78.js rename to assets/js/f8909550.a8df6b80.js index e8ef5a867..ed7e04eb3 100644 --- a/assets/js/f8909550.6787dd78.js +++ b/assets/js/f8909550.a8df6b80.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7893],{3905:(e,t,a)=>{a.d(t,{Zo:()=>c,kt:()=>u});var n=a(7294);function l(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function s(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function r(e){for(var t=1;t=0||(l[a]=e[a]);return l}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(l[a]=e[a])}return l}var o=n.createContext({}),p=function(e){var t=n.useContext(o),a=t;return e&&(a="function"==typeof e?e(t):r(r({},t),e)),a},c=function(e){var t=p(e.components);return n.createElement(o.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var a=e.components,l=e.mdxType,s=e.originalType,o=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),d=p(a),u=l,h=d["".concat(o,".").concat(u)]||d[u]||m[u]||s;return a?n.createElement(h,r(r({ref:t},c),{},{components:a})):n.createElement(h,r({ref:t},c))}));function u(e,t){var a=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var s=a.length,r=new Array(s);r[0]=d;var i={};for(var o in t)hasOwnProperty.call(t,o)&&(i[o]=t[o]);i.originalType=e,i.mdxType="string"==typeof e?e:l,r[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>o,contentTitle:()=>r,default:()=>m,frontMatter:()=>s,metadata:()=>i,toc:()=>p});var n=a(7462),l=(a(7294),a(3905));const s={},r="Namespaces",i={unversionedId:"namespaces",id:"version-0.4/namespaces",title:"Namespaces",description:"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces",source:"@site/versioned_docs/version-0.4/namespaces.md",sourceDirName:".",slug:"/namespaces",permalink:"/0.4/namespaces",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/namespaces.md",tags:[],version:"0.4",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster Groups",permalink:"/0.4/cluster-group"},next:{title:"Adding a GitRepo",permalink:"/0.4/gitrepo-add"}},o={},p=[{value:"GitRepos, Bundles, Clusters, ClusterGroups",id:"gitrepos-bundles-clusters-clustergroups",level:2},{value:"Namespace Creation Behavior in Bundles",id:"namespace-creation-behavior-in-bundles",level:2},{value:"Special Namespaces",id:"special-namespaces",level:2},{value:"fleet-local",id:"fleet-local",level:3},{value:"cattle-fleet-system",id:"cattle-fleet-system",level:3},{value:"cattle-fleet-clusters-system",id:"cattle-fleet-clusters-system",level:3},{value:"Cluster namespaces",id:"cluster-namespaces",level:3},{value:"Cross namespace deployments",id:"cross-namespace-deployments",level:2},{value:"Restricting GitRepos",id:"restricting-gitrepos",level:2}],c={toc:p};function m(e){let{components:t,...a}=e;return(0,l.kt)("wrapper",(0,n.Z)({},c,a,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"namespaces"},"Namespaces"),(0,l.kt)("p",null,"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces\nof the deployed resources in the downstream cluster. Understanding how namespaces are use in the Fleet manager is\nimportant to understand the security model and how one can use Fleet in a multi-tenant fashion."),(0,l.kt)("h2",{id:"gitrepos-bundles-clusters-clustergroups"},"GitRepos, Bundles, Clusters, ClusterGroups"),(0,l.kt)("p",null,"The primary types are all scoped to a namespace. All selectors for ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," targets will be evaluated against\nthe ",(0,l.kt)("inlineCode",{parentName:"p"},"Clusters")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroups")," in the same namespaces. This means that if you give ",(0,l.kt)("inlineCode",{parentName:"p"},"create")," or ",(0,l.kt)("inlineCode",{parentName:"p"},"update")," privileges\nto a the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," type in a namespace, that end user can modify the selector to match any cluster in that namespace.\nThis means in practice if you want to have two teams self manage their own ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," registrations but they should\nnot be able to target each others clusters, they should be in different namespaces."),(0,l.kt)("h2",{id:"namespace-creation-behavior-in-bundles"},"Namespace Creation Behavior in Bundles"),(0,l.kt)("p",null,"When deploying a Fleet bundle, the specified namespace will automatically be created if it does not already exist."),(0,l.kt)("h2",{id:"special-namespaces"},"Special Namespaces"),(0,l.kt)("h3",{id:"fleet-local"},"fleet-local"),(0,l.kt)("p",null,"The ",(0,l.kt)("strong",{parentName:"p"},"fleet-local")," namespace is a special namespace used for the single cluster use case or to bootstrap\nthe configuration of the Fleet manager."),(0,l.kt)("p",null,"When fleet is installed the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace is created along with one ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," called ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," and one\n",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," called ",(0,l.kt)("inlineCode",{parentName:"p"},"default"),". If no targets are specified on a ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo"),", it is by default targeted to the\n",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," named ",(0,l.kt)("inlineCode",{parentName:"p"},"default"),". This means that all ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," created in ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," will\nautomatically target the ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster"),". The ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," refers to the cluster the Fleet manager is running\non."),(0,l.kt)("p",null,(0,l.kt)("strong",{parentName:"p"},"Note:")," If you would like to migrate your cluster from ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," to ",(0,l.kt)("inlineCode",{parentName:"p"},"default"),", please see this ",(0,l.kt)("a",{parentName:"p",href:"/0.4/troubleshooting#migrate-the-local-cluster-to-the-fleet-default-cluster"},"documentation"),"."),(0,l.kt)("h3",{id:"cattle-fleet-system"},"cattle-fleet-system"),(0,l.kt)("p",null,"The Fleet controller and Fleet agent run in this namespace. All service accounts referenced by ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," are expected\nto live in this namespace in the downstream cluster."),(0,l.kt)("h3",{id:"cattle-fleet-clusters-system"},"cattle-fleet-clusters-system"),(0,l.kt)("p",null,"This namespace holds secrets for the cluster registration process. It should contain no other resources in it,\nespecially secrets."),(0,l.kt)("h3",{id:"cluster-namespaces"},"Cluster namespaces"),(0,l.kt)("p",null,"For every cluster that is registered a namespace is created by the Fleet manager for that cluster.\nThese namespaces have are named in the form ",(0,l.kt)("inlineCode",{parentName:"p"},"cluster-${namespace}-${cluster}-${random}"),". The purpose of this\nnamespace is that all ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," for that cluster are put into this namespace and\nthen the downstream cluster is given access to watch and update ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," in that namespace only."),(0,l.kt)("h2",{id:"cross-namespace-deployments"},"Cross namespace deployments"),(0,l.kt)("p",null,"It is possible to create a GitRepo that will deploy across namespaces. The primary purpose of this is so that a\ncentral privileged team can manage common configuration for many clusters that are managed by different teams. The way\nthis is accomplished is by creating a ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource in a cluster."),(0,l.kt)("p",null,"If you are creating a ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource it is best to do it in a namespace that only contains ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\nand no ",(0,l.kt)("inlineCode",{parentName:"p"},"Clusters"),". It seems to get confusing if you have Clusters in the same repo as the cross namespace ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," will still\nalways be evaluated against the current namespace. So if you have clusters in the same namespace you may wish to make them\ncanary clusters."),(0,l.kt)("p",null,"A ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," has only two fields. Which are as below"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: not-important\n namespace: typically-unique\n\n# Bundles to match by label. The labels are defined in the fleet.yaml\n# labels field or from the GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n foo: bar\n\n# Namespaces to match by label\nnamespaceSelector:\n matchLabels:\n foo: bar\n")),(0,l.kt)("p",null,"If the ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," ",(0,l.kt)("inlineCode",{parentName:"p"},"bundleSelector")," field matches a ",(0,l.kt)("inlineCode",{parentName:"p"},"Bundles")," labels then that ",(0,l.kt)("inlineCode",{parentName:"p"},"Bundle")," target criteria will\nbe evaluated against all clusters in all namespaces that match ",(0,l.kt)("inlineCode",{parentName:"p"},"namespaceSelector"),". One can specify labels for the created\nbundles from git by putting labels in the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file or on the ",(0,l.kt)("inlineCode",{parentName:"p"},"metadata.labels")," field on the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo"),"."),(0,l.kt)("h2",{id:"restricting-gitrepos"},"Restricting GitRepos"),(0,l.kt)("p",null,"A namespace can contain multiple ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," resources. All ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\ncreated in that namespace will be checked against the list of restrictions.\nIf a ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," violates one of the constraints its ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," will be\nin an error state and won't be deployed."),(0,l.kt)("p",null,"This can also be used to set the defaults for GitRepo's ",(0,l.kt)("inlineCode",{parentName:"p"},"serviceAccount")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"clientSecretName")," fields."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: typically-unique\nallowedClientSecretNames: []\nallowedRepoPatterns: []\nallowedServiceAccounts: []\ndefaultClientSecretName: ""\ndefaultServiceAccount: ""\n')))}m.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7893],{3905:(e,t,a)=>{a.d(t,{Zo:()=>c,kt:()=>u});var n=a(7294);function l(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function s(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function r(e){for(var t=1;t=0||(l[a]=e[a]);return l}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(l[a]=e[a])}return l}var o=n.createContext({}),p=function(e){var t=n.useContext(o),a=t;return e&&(a="function"==typeof e?e(t):r(r({},t),e)),a},c=function(e){var t=p(e.components);return n.createElement(o.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var a=e.components,l=e.mdxType,s=e.originalType,o=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),d=p(a),u=l,h=d["".concat(o,".").concat(u)]||d[u]||m[u]||s;return a?n.createElement(h,r(r({ref:t},c),{},{components:a})):n.createElement(h,r({ref:t},c))}));function u(e,t){var a=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var s=a.length,r=new Array(s);r[0]=d;var i={};for(var o in t)hasOwnProperty.call(t,o)&&(i[o]=t[o]);i.originalType=e,i.mdxType="string"==typeof e?e:l,r[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>o,contentTitle:()=>r,default:()=>m,frontMatter:()=>s,metadata:()=>i,toc:()=>p});var n=a(7462),l=(a(7294),a(3905));const s={},r="Namespaces",i={unversionedId:"namespaces",id:"version-0.4/namespaces",title:"Namespaces",description:"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces",source:"@site/versioned_docs/version-0.4/namespaces.md",sourceDirName:".",slug:"/namespaces",permalink:"/0.4/namespaces",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/namespaces.md",tags:[],version:"0.4",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster Groups",permalink:"/0.4/cluster-group"},next:{title:"Adding a GitRepo",permalink:"/0.4/gitrepo-add"}},o={},p=[{value:"GitRepos, Bundles, Clusters, ClusterGroups",id:"gitrepos-bundles-clusters-clustergroups",level:2},{value:"Namespace Creation Behavior in Bundles",id:"namespace-creation-behavior-in-bundles",level:2},{value:"Special Namespaces",id:"special-namespaces",level:2},{value:"fleet-local",id:"fleet-local",level:3},{value:"cattle-fleet-system",id:"cattle-fleet-system",level:3},{value:"cattle-fleet-clusters-system",id:"cattle-fleet-clusters-system",level:3},{value:"Cluster namespaces",id:"cluster-namespaces",level:3},{value:"Cross namespace deployments",id:"cross-namespace-deployments",level:2},{value:"Restricting GitRepos",id:"restricting-gitrepos",level:2}],c={toc:p};function m(e){let{components:t,...a}=e;return(0,l.kt)("wrapper",(0,n.Z)({},c,a,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"namespaces"},"Namespaces"),(0,l.kt)("p",null,"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces\nof the deployed resources in the downstream cluster. Understanding how namespaces are use in the Fleet manager is\nimportant to understand the security model and how one can use Fleet in a multi-tenant fashion."),(0,l.kt)("h2",{id:"gitrepos-bundles-clusters-clustergroups"},"GitRepos, Bundles, Clusters, ClusterGroups"),(0,l.kt)("p",null,"The primary types are all scoped to a namespace. All selectors for ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," targets will be evaluated against\nthe ",(0,l.kt)("inlineCode",{parentName:"p"},"Clusters")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroups")," in the same namespaces. This means that if you give ",(0,l.kt)("inlineCode",{parentName:"p"},"create")," or ",(0,l.kt)("inlineCode",{parentName:"p"},"update")," privileges\nto a the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," type in a namespace, that end user can modify the selector to match any cluster in that namespace.\nThis means in practice if you want to have two teams self manage their own ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," registrations but they should\nnot be able to target each others clusters, they should be in different namespaces."),(0,l.kt)("h2",{id:"namespace-creation-behavior-in-bundles"},"Namespace Creation Behavior in Bundles"),(0,l.kt)("p",null,"When deploying a Fleet bundle, the specified namespace will automatically be created if it does not already exist."),(0,l.kt)("h2",{id:"special-namespaces"},"Special Namespaces"),(0,l.kt)("h3",{id:"fleet-local"},"fleet-local"),(0,l.kt)("p",null,"The ",(0,l.kt)("strong",{parentName:"p"},"fleet-local")," namespace is a special namespace used for the single cluster use case or to bootstrap\nthe configuration of the Fleet manager."),(0,l.kt)("p",null,"When fleet is installed the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace is created along with one ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," called ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," and one\n",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," called ",(0,l.kt)("inlineCode",{parentName:"p"},"default"),". If no targets are specified on a ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo"),", it is by default targeted to the\n",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," named ",(0,l.kt)("inlineCode",{parentName:"p"},"default"),". This means that all ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," created in ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," will\nautomatically target the ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster"),". The ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," refers to the cluster the Fleet manager is running\non."),(0,l.kt)("p",null,(0,l.kt)("strong",{parentName:"p"},"Note:")," If you would like to migrate your cluster from ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," to ",(0,l.kt)("inlineCode",{parentName:"p"},"default"),", please see this ",(0,l.kt)("a",{parentName:"p",href:"/0.4/troubleshooting#migrate-the-local-cluster-to-the-fleet-default-cluster"},"documentation"),"."),(0,l.kt)("h3",{id:"cattle-fleet-system"},"cattle-fleet-system"),(0,l.kt)("p",null,"The Fleet controller and Fleet agent run in this namespace. All service accounts referenced by ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," are expected\nto live in this namespace in the downstream cluster."),(0,l.kt)("h3",{id:"cattle-fleet-clusters-system"},"cattle-fleet-clusters-system"),(0,l.kt)("p",null,"This namespace holds secrets for the cluster registration process. It should contain no other resources in it,\nespecially secrets."),(0,l.kt)("h3",{id:"cluster-namespaces"},"Cluster namespaces"),(0,l.kt)("p",null,"For every cluster that is registered a namespace is created by the Fleet manager for that cluster.\nThese namespaces have are named in the form ",(0,l.kt)("inlineCode",{parentName:"p"},"cluster-${namespace}-${cluster}-${random}"),". The purpose of this\nnamespace is that all ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," for that cluster are put into this namespace and\nthen the downstream cluster is given access to watch and update ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," in that namespace only."),(0,l.kt)("h2",{id:"cross-namespace-deployments"},"Cross namespace deployments"),(0,l.kt)("p",null,"It is possible to create a GitRepo that will deploy across namespaces. The primary purpose of this is so that a\ncentral privileged team can manage common configuration for many clusters that are managed by different teams. The way\nthis is accomplished is by creating a ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource in a cluster."),(0,l.kt)("p",null,"If you are creating a ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource it is best to do it in a namespace that only contains ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\nand no ",(0,l.kt)("inlineCode",{parentName:"p"},"Clusters"),". It seems to get confusing if you have Clusters in the same repo as the cross namespace ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," will still\nalways be evaluated against the current namespace. So if you have clusters in the same namespace you may wish to make them\ncanary clusters."),(0,l.kt)("p",null,"A ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," has only two fields. Which are as below"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: not-important\n namespace: typically-unique\n\n# Bundles to match by label. The labels are defined in the fleet.yaml\n# labels field or from the GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n foo: bar\n\n# Namespaces to match by label\nnamespaceSelector:\n matchLabels:\n foo: bar\n")),(0,l.kt)("p",null,"If the ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," ",(0,l.kt)("inlineCode",{parentName:"p"},"bundleSelector")," field matches a ",(0,l.kt)("inlineCode",{parentName:"p"},"Bundles")," labels then that ",(0,l.kt)("inlineCode",{parentName:"p"},"Bundle")," target criteria will\nbe evaluated against all clusters in all namespaces that match ",(0,l.kt)("inlineCode",{parentName:"p"},"namespaceSelector"),". One can specify labels for the created\nbundles from git by putting labels in the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file or on the ",(0,l.kt)("inlineCode",{parentName:"p"},"metadata.labels")," field on the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo"),"."),(0,l.kt)("h2",{id:"restricting-gitrepos"},"Restricting GitRepos"),(0,l.kt)("p",null,"A namespace can contain multiple ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," resources. All ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\ncreated in that namespace will be checked against the list of restrictions.\nIf a ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," violates one of the constraints its ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," will be\nin an error state and won't be deployed."),(0,l.kt)("p",null,"This can also be used to set the defaults for GitRepo's ",(0,l.kt)("inlineCode",{parentName:"p"},"serviceAccount")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"clientSecretName")," fields."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: typically-unique\nallowedClientSecretNames: []\nallowedRepoPatterns: []\nallowedServiceAccounts: []\ndefaultClientSecretName: ""\ndefaultServiceAccount: ""\n')))}m.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/fb76c575.1ec14aa0.js b/assets/js/fb76c575.649838ed.js similarity index 97% rename from assets/js/fb76c575.1ec14aa0.js rename to assets/js/fb76c575.649838ed.js index 1f196fdbc..3faa990b4 100644 --- a/assets/js/fb76c575.1ec14aa0.js +++ b/assets/js/fb76c575.649838ed.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3200],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>m});var a=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function r(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var o=a.createContext({}),p=function(e){var t=a.useContext(o),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},c=function(e){var t=p(e.components);return a.createElement(o.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,l=e.mdxType,r=e.originalType,o=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),d=p(n),m=l,h=d["".concat(o,".").concat(m)]||d[m]||u[m]||r;return n?a.createElement(h,i(i({ref:t},c),{},{components:n})):a.createElement(h,i({ref:t},c))}));function m(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var r=n.length,i=new Array(r);i[0]=d;var s={};for(var o in t)hasOwnProperty.call(t,o)&&(s[o]=t[o]);s.originalType=e,s.mdxType="string"==typeof e?e:l,i[1]=s;for(var p=2;p{n.r(t),n.d(t,{assets:()=>o,contentTitle:()=>i,default:()=>u,frontMatter:()=>r,metadata:()=>s,toc:()=>p});var a=n(7462),l=(n(7294),n(3905));const r={},i="Agent Initiated",s={unversionedId:"agent-initiated",id:"version-0.4/agent-initiated",title:"Agent Initiated",description:"Refer to the overview page for a background information on the agent initiated registration style.",source:"@site/versioned_docs/version-0.4/agent-initiated.md",sourceDirName:".",slug:"/agent-initiated",permalink:"/0.4/agent-initiated",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/agent-initiated.md",tags:[],version:"0.4",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster Registration Tokens",permalink:"/0.4/cluster-tokens"},next:{title:"Manager Initiated",permalink:"/0.4/manager-initiated"}},o={},p=[{value:"Cluster Registration Token and Client ID",id:"cluster-registration-token-and-client-id",level:2},{value:"Install agent for a new Cluster",id:"install-agent-for-a-new-cluster",level:2},{value:"Install agent for a predefined Cluster",id:"install-agent-for-a-predefined-cluster",level:2}],c={toc:p};function u(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"agent-initiated"},"Agent Initiated"),(0,l.kt)("p",null,"Refer to the ",(0,l.kt)("a",{parentName:"p",href:"/0.4/cluster-overview#agent-initiated-registration"},"overview page")," for a background information on the agent initiated registration style."),(0,l.kt)("h2",{id:"cluster-registration-token-and-client-id"},"Cluster Registration Token and Client ID"),(0,l.kt)("p",null,"A downstream cluster is registered using the ",(0,l.kt)("strong",{parentName:"p"},"cluster registration token")," and optionally a ",(0,l.kt)("strong",{parentName:"p"},"client ID")," or ",(0,l.kt)("strong",{parentName:"p"},"cluster labels"),"."),(0,l.kt)("p",null,"The ",(0,l.kt)("strong",{parentName:"p"},"cluster registration token")," is a credential that will authorize the downstream cluster agent to be\nable to initiate the registration process. This is required. Refer to the ",(0,l.kt)("a",{parentName:"p",href:"/0.4/cluster-tokens"},"cluster registration token page")," for more information\non how to create tokens and obtain the values. The cluster registration token is manifested as a ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that will\nbe passed to the ",(0,l.kt)("inlineCode",{parentName:"p"},"helm install")," process."),(0,l.kt)("p",null,"There are two styles of registering an agent. You can have the cluster for this agent dynamically created, in which\ncase you will probably want to specify ",(0,l.kt)("strong",{parentName:"p"},"cluster labels")," upon registration. Or you can have the agent register to a predefined\ncluster in the Fleet manager, in which case you will need a ",(0,l.kt)("strong",{parentName:"p"},"client ID"),". The former approach is typically the easiest."),(0,l.kt)("h2",{id:"install-agent-for-a-new-cluster"},"Install agent for a new Cluster"),(0,l.kt)("p",null,"The Fleet agent is installed as a Helm chart. Following are explanations how to determine and set its parameters."),(0,l.kt)("p",null,"First, follow the ",(0,l.kt)("a",{parentName:"p",href:"/0.4/cluster-tokens"},"cluster registration token page")," to obtain the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," which contains\nthe registration token to authenticate against the Fleet cluster."),(0,l.kt)("p",null,"Second, optionally you can define labels that will assigned to the newly created cluster upon registration. After\nregistration is completed an agent cannot change the labels of the cluster. To add cluster labels add\n",(0,l.kt)("inlineCode",{parentName:"p"},"--set-string labels.KEY=VALUE")," to the below Helm command. To add the labels ",(0,l.kt)("inlineCode",{parentName:"p"},"foo=bar")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"bar=baz")," then you would\nadd ",(0,l.kt)("inlineCode",{parentName:"p"},"--set-string labels.foo=bar --set-string labels.bar=baz")," to the command line."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'# Leave blank if you do not want any labels\nCLUSTER_LABELS="--set-string labels.example=true --set-string labels.env=dev"\n')),(0,l.kt)("p",null,"Third, set variables with the Fleet cluster's API Server URL and CA, for the downstream cluster to use for connecting."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"API_SERVER_URL=https://...\nAPI_SERVER_CA_DATA=...\n")),(0,l.kt)("p",null,"Value in ",(0,l.kt)("inlineCode",{parentName:"p"},"API_SERVER_CA_DATA")," can be obtained from a ",(0,l.kt)("inlineCode",{parentName:"p"},".kube/config")," file with valid data to connect to the upstream cluster\n(under the ",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," key). Alternatively it can be obtained from within the upstream cluster itself,\nby looking up the default ServiceAccount secret name (typically prefixed with ",(0,l.kt)("inlineCode",{parentName:"p"},"default-token-"),", in the default namespace),\nunder the ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.crt")," key."),(0,l.kt)("admonition",{type:"caution"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,l.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,l.kt)("admonition",{type:"warning"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,l.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,l.kt)("p",null,"Finally, install the agent using Helm."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n $CLUSTER_LABELS \\\n --values values.yaml \\\n --set apiServerCA="$API_SERVER_CA_DATA" \\\n --set apiServerURL="$API_SERVER_URL" \\\n fleet-agent https://github.com/rancher/fleet/releases/download/v0.4.0/fleet-agent-0.4.0.tgz\n')),(0,l.kt)("p",null,"The agent should now be deployed. You can check that status of the fleet pods by running the below commands."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")),(0,l.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,l.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,l.kt)("a",{parentName:"p",href:"/0.4/namespaces"},"namespace"),". Please ensure your ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\ncluster-ab13e54400f1 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z \n")),(0,l.kt)("h2",{id:"install-agent-for-a-predefined-cluster"},"Install agent for a predefined Cluster"),(0,l.kt)("p",null,"Client IDs are for the purpose of predefining clusters in the Fleet manager with existing labels and repos targeted to them.\nA client ID is not required and is just one approach to managing clusters.\nThe ",(0,l.kt)("strong",{parentName:"p"},"client ID")," is a unique string that will identify the cluster.\nThis string is user generated and opaque to the Fleet manager and agent. It is assumed to be sufficiently unique. For security reasons one should not be able to easily guess this value\nas then one cluster could impersonate another. The client ID is optional and if not specified the UID field of the ",(0,l.kt)("inlineCode",{parentName:"p"},"kube-system")," namespace\nresource will be used as the client ID. Upon registration if the client ID is found on a ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet manager it will associate\nthe agent with that ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster"),". If no ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource is found with that client ID a new ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource will be created with the specific\nclient ID."),(0,l.kt)("p",null,"The Fleet agent is installed as a Helm chart. The only parameters to the helm chart installation should be the cluster registration token, which\nis represented by the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file and the client ID. The client ID is optional."),(0,l.kt)("p",null,"First, create a ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," in the Fleet Manager with the random client ID you have chosen."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: Cluster\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-cluster\n namespace: clusters\nspec:\n clientID: "really-random"\n')),(0,l.kt)("p",null,"Second, follow the ",(0,l.kt)("a",{parentName:"p",href:"/0.4/cluster-tokens"},"cluster registration token page")," to obtain the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file to be used."),(0,l.kt)("p",null,"Third, setup your environment to use the client ID."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'CLUSTER_CLIENT_ID="really-random"\n')),(0,l.kt)("admonition",{type:"note"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,l.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,l.kt)("admonition",{type:"note"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,l.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,l.kt)("p",null,"Finally, install the agent using Helm."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set clientID="$CLUSTER_CLIENT_ID" \\\n --values values.yaml \\\n fleet-agent https://github.com/rancher/fleet/releases/download/v0.4.0/fleet-agent-v0.4.0.tgz\n')),(0,l.kt)("p",null,"The agent should now be deployed. You can check that status of the fleet pods by running the below commands."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")),(0,l.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,l.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,l.kt)("a",{parentName:"p",href:"/0.4/namespaces"},"namespace"),". Please ensure your ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\nmy-cluster 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z \n")))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3200],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>m});var a=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function r(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var o=a.createContext({}),p=function(e){var t=a.useContext(o),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},c=function(e){var t=p(e.components);return a.createElement(o.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,l=e.mdxType,r=e.originalType,o=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),d=p(n),m=l,h=d["".concat(o,".").concat(m)]||d[m]||u[m]||r;return n?a.createElement(h,i(i({ref:t},c),{},{components:n})):a.createElement(h,i({ref:t},c))}));function m(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var r=n.length,i=new Array(r);i[0]=d;var s={};for(var o in t)hasOwnProperty.call(t,o)&&(s[o]=t[o]);s.originalType=e,s.mdxType="string"==typeof e?e:l,i[1]=s;for(var p=2;p{n.r(t),n.d(t,{assets:()=>o,contentTitle:()=>i,default:()=>u,frontMatter:()=>r,metadata:()=>s,toc:()=>p});var a=n(7462),l=(n(7294),n(3905));const r={},i="Agent Initiated",s={unversionedId:"agent-initiated",id:"version-0.4/agent-initiated",title:"Agent Initiated",description:"Refer to the overview page for a background information on the agent initiated registration style.",source:"@site/versioned_docs/version-0.4/agent-initiated.md",sourceDirName:".",slug:"/agent-initiated",permalink:"/0.4/agent-initiated",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/agent-initiated.md",tags:[],version:"0.4",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster Registration Tokens",permalink:"/0.4/cluster-tokens"},next:{title:"Manager Initiated",permalink:"/0.4/manager-initiated"}},o={},p=[{value:"Cluster Registration Token and Client ID",id:"cluster-registration-token-and-client-id",level:2},{value:"Install agent for a new Cluster",id:"install-agent-for-a-new-cluster",level:2},{value:"Install agent for a predefined Cluster",id:"install-agent-for-a-predefined-cluster",level:2}],c={toc:p};function u(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"agent-initiated"},"Agent Initiated"),(0,l.kt)("p",null,"Refer to the ",(0,l.kt)("a",{parentName:"p",href:"/0.4/cluster-overview#agent-initiated-registration"},"overview page")," for a background information on the agent initiated registration style."),(0,l.kt)("h2",{id:"cluster-registration-token-and-client-id"},"Cluster Registration Token and Client ID"),(0,l.kt)("p",null,"A downstream cluster is registered using the ",(0,l.kt)("strong",{parentName:"p"},"cluster registration token")," and optionally a ",(0,l.kt)("strong",{parentName:"p"},"client ID")," or ",(0,l.kt)("strong",{parentName:"p"},"cluster labels"),"."),(0,l.kt)("p",null,"The ",(0,l.kt)("strong",{parentName:"p"},"cluster registration token")," is a credential that will authorize the downstream cluster agent to be\nable to initiate the registration process. This is required. Refer to the ",(0,l.kt)("a",{parentName:"p",href:"/0.4/cluster-tokens"},"cluster registration token page")," for more information\non how to create tokens and obtain the values. The cluster registration token is manifested as a ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that will\nbe passed to the ",(0,l.kt)("inlineCode",{parentName:"p"},"helm install")," process."),(0,l.kt)("p",null,"There are two styles of registering an agent. You can have the cluster for this agent dynamically created, in which\ncase you will probably want to specify ",(0,l.kt)("strong",{parentName:"p"},"cluster labels")," upon registration. Or you can have the agent register to a predefined\ncluster in the Fleet manager, in which case you will need a ",(0,l.kt)("strong",{parentName:"p"},"client ID"),". The former approach is typically the easiest."),(0,l.kt)("h2",{id:"install-agent-for-a-new-cluster"},"Install agent for a new Cluster"),(0,l.kt)("p",null,"The Fleet agent is installed as a Helm chart. Following are explanations how to determine and set its parameters."),(0,l.kt)("p",null,"First, follow the ",(0,l.kt)("a",{parentName:"p",href:"/0.4/cluster-tokens"},"cluster registration token page")," to obtain the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," which contains\nthe registration token to authenticate against the Fleet cluster."),(0,l.kt)("p",null,"Second, optionally you can define labels that will assigned to the newly created cluster upon registration. After\nregistration is completed an agent cannot change the labels of the cluster. To add cluster labels add\n",(0,l.kt)("inlineCode",{parentName:"p"},"--set-string labels.KEY=VALUE")," to the below Helm command. To add the labels ",(0,l.kt)("inlineCode",{parentName:"p"},"foo=bar")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"bar=baz")," then you would\nadd ",(0,l.kt)("inlineCode",{parentName:"p"},"--set-string labels.foo=bar --set-string labels.bar=baz")," to the command line."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'# Leave blank if you do not want any labels\nCLUSTER_LABELS="--set-string labels.example=true --set-string labels.env=dev"\n')),(0,l.kt)("p",null,"Third, set variables with the Fleet cluster's API Server URL and CA, for the downstream cluster to use for connecting."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"API_SERVER_URL=https://...\nAPI_SERVER_CA_DATA=...\n")),(0,l.kt)("p",null,"Value in ",(0,l.kt)("inlineCode",{parentName:"p"},"API_SERVER_CA_DATA")," can be obtained from a ",(0,l.kt)("inlineCode",{parentName:"p"},".kube/config")," file with valid data to connect to the upstream cluster\n(under the ",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," key). Alternatively it can be obtained from within the upstream cluster itself,\nby looking up the default ServiceAccount secret name (typically prefixed with ",(0,l.kt)("inlineCode",{parentName:"p"},"default-token-"),", in the default namespace),\nunder the ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.crt")," key."),(0,l.kt)("admonition",{type:"caution"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,l.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,l.kt)("admonition",{type:"warning"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,l.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,l.kt)("p",null,"Finally, install the agent using Helm."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n $CLUSTER_LABELS \\\n --values values.yaml \\\n --set apiServerCA="$API_SERVER_CA_DATA" \\\n --set apiServerURL="$API_SERVER_URL" \\\n fleet-agent https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-agent-0.4.1.tgz\n')),(0,l.kt)("p",null,"The agent should now be deployed. You can check that status of the fleet pods by running the below commands."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")),(0,l.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,l.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,l.kt)("a",{parentName:"p",href:"/0.4/namespaces"},"namespace"),". Please ensure your ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\ncluster-ab13e54400f1 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z \n")),(0,l.kt)("h2",{id:"install-agent-for-a-predefined-cluster"},"Install agent for a predefined Cluster"),(0,l.kt)("p",null,"Client IDs are for the purpose of predefining clusters in the Fleet manager with existing labels and repos targeted to them.\nA client ID is not required and is just one approach to managing clusters.\nThe ",(0,l.kt)("strong",{parentName:"p"},"client ID")," is a unique string that will identify the cluster.\nThis string is user generated and opaque to the Fleet manager and agent. It is assumed to be sufficiently unique. For security reasons one should not be able to easily guess this value\nas then one cluster could impersonate another. The client ID is optional and if not specified the UID field of the ",(0,l.kt)("inlineCode",{parentName:"p"},"kube-system")," namespace\nresource will be used as the client ID. Upon registration if the client ID is found on a ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet manager it will associate\nthe agent with that ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster"),". If no ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource is found with that client ID a new ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource will be created with the specific\nclient ID."),(0,l.kt)("p",null,"The Fleet agent is installed as a Helm chart. The only parameters to the helm chart installation should be the cluster registration token, which\nis represented by the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file and the client ID. The client ID is optional."),(0,l.kt)("p",null,"First, create a ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," in the Fleet Manager with the random client ID you have chosen."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: Cluster\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-cluster\n namespace: clusters\nspec:\n clientID: "really-random"\n')),(0,l.kt)("p",null,"Second, follow the ",(0,l.kt)("a",{parentName:"p",href:"/0.4/cluster-tokens"},"cluster registration token page")," to obtain the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file to be used."),(0,l.kt)("p",null,"Third, setup your environment to use the client ID."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'CLUSTER_CLIENT_ID="really-random"\n')),(0,l.kt)("admonition",{type:"note"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,l.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,l.kt)("admonition",{type:"note"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,l.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,l.kt)("p",null,"Finally, install the agent using Helm."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set clientID="$CLUSTER_CLIENT_ID" \\\n --values values.yaml \\\n fleet-agent https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-agent-v0.4.1.tgz\n')),(0,l.kt)("p",null,"The agent should now be deployed. You can check that status of the fleet pods by running the below commands."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")),(0,l.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,l.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,l.kt)("a",{parentName:"p",href:"/0.4/namespaces"},"namespace"),". Please ensure your ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\nmy-cluster 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z \n")))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/fbaf079d.a570259b.js b/assets/js/fbaf079d.8ec9c5bc.js similarity index 99% rename from assets/js/fbaf079d.a570259b.js rename to assets/js/fbaf079d.8ec9c5bc.js index 7447cf104..6378a588f 100644 --- a/assets/js/fbaf079d.a570259b.js +++ b/assets/js/fbaf079d.8ec9c5bc.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2030],{3905:(e,n,t)=>{t.d(n,{Zo:()=>c,kt:()=>u});var a=t(7294);function o(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function r(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);n&&(a=a.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,a)}return t}function i(e){for(var n=1;n=0||(o[t]=e[t]);return o}(e,n);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var l=a.createContext({}),p=function(e){var n=a.useContext(l),t=n;return e&&(t="function"==typeof e?e(n):i(i({},n),e)),t},c=function(e){var n=p(e.components);return a.createElement(l.Provider,{value:n},e.children)},d={inlineCode:"code",wrapper:function(e){var n=e.children;return a.createElement(a.Fragment,{},n)}},m=a.forwardRef((function(e,n){var t=e.components,o=e.mdxType,r=e.originalType,l=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=p(t),u=o,h=m["".concat(l,".").concat(u)]||m[u]||d[u]||r;return t?a.createElement(h,i(i({ref:n},c),{},{components:t})):a.createElement(h,i({ref:n},c))}));function u(e,n){var t=arguments,o=n&&n.mdxType;if("string"==typeof e||o){var r=t.length,i=new Array(r);i[0]=m;var s={};for(var l in n)hasOwnProperty.call(n,l)&&(s[l]=n[l]);s.originalType=e,s.mdxType="string"==typeof e?e:o,i[1]=s;for(var p=2;p{t.r(n),t.d(n,{assets:()=>l,contentTitle:()=>i,default:()=>d,frontMatter:()=>r,metadata:()=>s,toc:()=>p});var a=t(7462),o=(t(7294),t(3905));const r={},i="Generating Diffs for Modified GitRepos",s={unversionedId:"bundle-diffs",id:"bundle-diffs",title:"Generating Diffs for Modified GitRepos",description:"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.",source:"@site/docs/bundle-diffs.md",sourceDirName:".",slug:"/bundle-diffs",permalink:"/bundle-diffs",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/bundle-diffs.md",tags:[],version:"current",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Mapping to Downstream Clusters",permalink:"/gitrepo-targets"},next:{title:"Webhook",permalink:"/webhook"}},l={},p=[{value:"1. ValidatingWebhookConfiguration:",id:"1-validatingwebhookconfiguration",level:3},{value:"2. Deployment gatekeeper-controller-manager:",id:"2-deployment-gatekeeper-controller-manager",level:3},{value:"3. Deployment gatekeeper-audit:",id:"3-deployment-gatekeeper-audit",level:3},{value:"Combining It All Together",id:"combining-it-all-together",level:3}],c={toc:p};function d(e){let{components:n,...r}=e;return(0,o.kt)("wrapper",(0,a.Z)({},c,r,{components:n,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"generating-diffs-for-modified-gitrepos"},"Generating Diffs for Modified GitRepos"),(0,o.kt)("p",null,"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles."),(0,o.kt)("p",null,"You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the ",(0,o.kt)("inlineCode",{parentName:"p"},"Bundles")," section."),(0,o.kt)("p",null,"The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the ",(0,o.kt)("inlineCode",{parentName:"p"},"caBundle")," is empty and the CA cert is injected by the cluster."),(0,o.kt)("p",null,'This leads the status of the bundle and associated GitRepo to be reported as "Modified"'),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(9366).Z,width:"1191",height:"344"})),(0,o.kt)("p",null,"Associated Bundle\n",(0,o.kt)("img",{src:t(6368).Z,width:"1188",height:"420"})),(0,o.kt)("p",null,"Fleet bundles support the ability to specify a custom ",(0,o.kt)("a",{parentName:"p",href:"http://jsonpatch.com/"},"jsonPointer patch"),"."),(0,o.kt)("p",null,"With the patch, users can instruct fleet to ignore object modifications."),(0,o.kt)("p",null,"In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters."),(0,o.kt)("p",null,"The opa-gatekeeper bundle associated with the opa GitRepo is in modified state."),(0,o.kt)("p",null,"Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status."),(0,o.kt)("p",null,"In our case the differences detected are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' summary:\n desiredReady: 1\n modified: 1\n nonReadyResources:\n - bundleState: Modified\n modifiedStatus:\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n patch: \'{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n')),(0,o.kt)("p",null,"Based on this summary, there are three objects which need to be patched."),(0,o.kt)("p",null,"We will look at these one at a time."),(0,o.kt)("h3",{id:"1-validatingwebhookconfiguration"},"1. ValidatingWebhookConfiguration:"),(0,o.kt)("p",null,"The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec. "),(0,o.kt)("p",null,"In cases where more than one element in the field requires a patch, that patch will refer these to as ",(0,o.kt)("inlineCode",{parentName:"p"},"$setElementOrder/ELEMENTNAME")," "),(0,o.kt)("p",null,"From this information, we can see the two ValidatingWebhooks in question are:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' "$setElementOrder/webhooks": [\n {\n "name": "validation.gatekeeper.sh"\n },\n {\n "name": "check-ignore-label.gatekeeper.sh"\n }\n ],\n')),(0,o.kt)("p",null,"Within each ValidatingWebhook, the fields that need to be ignore are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "validation.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n "*"\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "*"\n ]\n }\n ]\n },\n')),(0,o.kt)("p",null," and "),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "check-ignore-label.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n ""\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "namespaces"\n ]\n }\n ]\n }\n')),(0,o.kt)("p",null,"In summary, we need to ignore the fields ",(0,o.kt)("inlineCode",{parentName:"p"},"rules")," and ",(0,o.kt)("inlineCode",{parentName:"p"},"clientConfig.caBundle")," in our patch specification."),(0,o.kt)("p",null,"The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values."),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(1418).Z,width:"1104",height:"837"})),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("h3",{id:"2-deployment-gatekeeper-controller-manager"},"2. Deployment gatekeeper-controller-manager:"),(0,o.kt)("p",null,"The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle)."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"3-deployment-gatekeeper-audit"},"3. Deployment gatekeeper-audit:"),(0,o.kt)("p",null,"The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"combining-it-all-together"},"Combining It All Together"),(0,o.kt)("p",null,"We can now combine all these patches as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("p",null,"We can add these now to the bundle directly to test and also commit the same to the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in your GitRepo."),(0,o.kt)("p",null,'Once these are added, the GitRepo should deploy and be in "Active" status.'))}d.isMDXComponent=!0},6368:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedBundle-636a094dc9a854e2cc752ad34fcadd60.png"},9366:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedGitRepo-17a5600892cf08e11388c8612131d81d.png"},1418:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/WebhookConfigurationSpec-0721d92eb5e5e87e815ad8fe32242bed.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2030],{3905:(e,n,t)=>{t.d(n,{Zo:()=>c,kt:()=>u});var a=t(7294);function o(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function r(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);n&&(a=a.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,a)}return t}function i(e){for(var n=1;n=0||(o[t]=e[t]);return o}(e,n);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var l=a.createContext({}),p=function(e){var n=a.useContext(l),t=n;return e&&(t="function"==typeof e?e(n):i(i({},n),e)),t},c=function(e){var n=p(e.components);return a.createElement(l.Provider,{value:n},e.children)},d={inlineCode:"code",wrapper:function(e){var n=e.children;return a.createElement(a.Fragment,{},n)}},m=a.forwardRef((function(e,n){var t=e.components,o=e.mdxType,r=e.originalType,l=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=p(t),u=o,h=m["".concat(l,".").concat(u)]||m[u]||d[u]||r;return t?a.createElement(h,i(i({ref:n},c),{},{components:t})):a.createElement(h,i({ref:n},c))}));function u(e,n){var t=arguments,o=n&&n.mdxType;if("string"==typeof e||o){var r=t.length,i=new Array(r);i[0]=m;var s={};for(var l in n)hasOwnProperty.call(n,l)&&(s[l]=n[l]);s.originalType=e,s.mdxType="string"==typeof e?e:o,i[1]=s;for(var p=2;p{t.r(n),t.d(n,{assets:()=>l,contentTitle:()=>i,default:()=>d,frontMatter:()=>r,metadata:()=>s,toc:()=>p});var a=t(7462),o=(t(7294),t(3905));const r={},i="Generating Diffs for Modified GitRepos",s={unversionedId:"bundle-diffs",id:"bundle-diffs",title:"Generating Diffs for Modified GitRepos",description:"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.",source:"@site/docs/bundle-diffs.md",sourceDirName:".",slug:"/bundle-diffs",permalink:"/bundle-diffs",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/bundle-diffs.md",tags:[],version:"current",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Mapping to Downstream Clusters",permalink:"/gitrepo-targets"},next:{title:"Webhook",permalink:"/webhook"}},l={},p=[{value:"1. ValidatingWebhookConfiguration:",id:"1-validatingwebhookconfiguration",level:3},{value:"2. Deployment gatekeeper-controller-manager:",id:"2-deployment-gatekeeper-controller-manager",level:3},{value:"3. Deployment gatekeeper-audit:",id:"3-deployment-gatekeeper-audit",level:3},{value:"Combining It All Together",id:"combining-it-all-together",level:3}],c={toc:p};function d(e){let{components:n,...r}=e;return(0,o.kt)("wrapper",(0,a.Z)({},c,r,{components:n,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"generating-diffs-for-modified-gitrepos"},"Generating Diffs for Modified GitRepos"),(0,o.kt)("p",null,"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles."),(0,o.kt)("p",null,"You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the ",(0,o.kt)("inlineCode",{parentName:"p"},"Bundles")," section."),(0,o.kt)("p",null,"The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the ",(0,o.kt)("inlineCode",{parentName:"p"},"caBundle")," is empty and the CA cert is injected by the cluster."),(0,o.kt)("p",null,'This leads the status of the bundle and associated GitRepo to be reported as "Modified"'),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(9366).Z,width:"1191",height:"344"})),(0,o.kt)("p",null,"Associated Bundle\n",(0,o.kt)("img",{src:t(6368).Z,width:"1188",height:"420"})),(0,o.kt)("p",null,"Fleet bundles support the ability to specify a custom ",(0,o.kt)("a",{parentName:"p",href:"http://jsonpatch.com/"},"jsonPointer patch"),"."),(0,o.kt)("p",null,"With the patch, users can instruct fleet to ignore object modifications."),(0,o.kt)("p",null,"In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters."),(0,o.kt)("p",null,"The opa-gatekeeper bundle associated with the opa GitRepo is in modified state."),(0,o.kt)("p",null,"Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status."),(0,o.kt)("p",null,"In our case the differences detected are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' summary:\n desiredReady: 1\n modified: 1\n nonReadyResources:\n - bundleState: Modified\n modifiedStatus:\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n patch: \'{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n')),(0,o.kt)("p",null,"Based on this summary, there are three objects which need to be patched."),(0,o.kt)("p",null,"We will look at these one at a time."),(0,o.kt)("h3",{id:"1-validatingwebhookconfiguration"},"1. ValidatingWebhookConfiguration:"),(0,o.kt)("p",null,"The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec. "),(0,o.kt)("p",null,"In cases where more than one element in the field requires a patch, that patch will refer these to as ",(0,o.kt)("inlineCode",{parentName:"p"},"$setElementOrder/ELEMENTNAME")," "),(0,o.kt)("p",null,"From this information, we can see the two ValidatingWebhooks in question are:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' "$setElementOrder/webhooks": [\n {\n "name": "validation.gatekeeper.sh"\n },\n {\n "name": "check-ignore-label.gatekeeper.sh"\n }\n ],\n')),(0,o.kt)("p",null,"Within each ValidatingWebhook, the fields that need to be ignore are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "validation.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n "*"\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "*"\n ]\n }\n ]\n },\n')),(0,o.kt)("p",null," and "),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "check-ignore-label.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n ""\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "namespaces"\n ]\n }\n ]\n }\n')),(0,o.kt)("p",null,"In summary, we need to ignore the fields ",(0,o.kt)("inlineCode",{parentName:"p"},"rules")," and ",(0,o.kt)("inlineCode",{parentName:"p"},"clientConfig.caBundle")," in our patch specification."),(0,o.kt)("p",null,"The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values."),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(1418).Z,width:"1104",height:"837"})),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("h3",{id:"2-deployment-gatekeeper-controller-manager"},"2. Deployment gatekeeper-controller-manager:"),(0,o.kt)("p",null,"The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle)."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"3-deployment-gatekeeper-audit"},"3. Deployment gatekeeper-audit:"),(0,o.kt)("p",null,"The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"combining-it-all-together"},"Combining It All Together"),(0,o.kt)("p",null,"We can now combine all these patches as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("p",null,"We can add these now to the bundle directly to test and also commit the same to the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in your GitRepo."),(0,o.kt)("p",null,'Once these are added, the GitRepo should deploy and be in "Active" status.'))}d.isMDXComponent=!0},6368:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedBundle-636a094dc9a854e2cc752ad34fcadd60.png"},9366:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedGitRepo-17a5600892cf08e11388c8612131d81d.png"},1418:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/WebhookConfigurationSpec-0721d92eb5e5e87e815ad8fe32242bed.png"}}]); \ No newline at end of file diff --git a/assets/js/fd06576e.12f065b2.js b/assets/js/fd06576e.bdf1f0c4.js similarity index 99% rename from assets/js/fd06576e.12f065b2.js rename to assets/js/fd06576e.bdf1f0c4.js index 8bcd19bf4..fe85c54bf 100644 --- a/assets/js/fd06576e.12f065b2.js +++ b/assets/js/fd06576e.bdf1f0c4.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3667],{3905:(e,t,a)=>{a.d(t,{Zo:()=>c,kt:()=>u});var n=a(7294);function l(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function s(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function r(e){for(var t=1;t=0||(l[a]=e[a]);return l}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(l[a]=e[a])}return l}var o=n.createContext({}),p=function(e){var t=n.useContext(o),a=t;return e&&(a="function"==typeof e?e(t):r(r({},t),e)),a},c=function(e){var t=p(e.components);return n.createElement(o.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var a=e.components,l=e.mdxType,s=e.originalType,o=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),d=p(a),u=l,h=d["".concat(o,".").concat(u)]||d[u]||m[u]||s;return a?n.createElement(h,r(r({ref:t},c),{},{components:a})):n.createElement(h,r({ref:t},c))}));function u(e,t){var a=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var s=a.length,r=new Array(s);r[0]=d;var i={};for(var o in t)hasOwnProperty.call(t,o)&&(i[o]=t[o]);i.originalType=e,i.mdxType="string"==typeof e?e:l,r[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>o,contentTitle:()=>r,default:()=>m,frontMatter:()=>s,metadata:()=>i,toc:()=>p});var n=a(7462),l=(a(7294),a(3905));const s={},r="Namespaces",i={unversionedId:"namespaces",id:"version-0.5/namespaces",title:"Namespaces",description:"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces",source:"@site/versioned_docs/version-0.5/namespaces.md",sourceDirName:".",slug:"/namespaces",permalink:"/0.5/namespaces",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/namespaces.md",tags:[],version:"0.5",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster Groups",permalink:"/0.5/cluster-group"},next:{title:"Adding a GitRepo",permalink:"/0.5/gitrepo-add"}},o={},p=[{value:"GitRepos, Bundles, Clusters, ClusterGroups",id:"gitrepos-bundles-clusters-clustergroups",level:2},{value:"Namespace Creation Behavior in Bundles",id:"namespace-creation-behavior-in-bundles",level:2},{value:"Special Namespaces",id:"special-namespaces",level:2},{value:"fleet-local",id:"fleet-local",level:3},{value:"cattle-fleet-system",id:"cattle-fleet-system",level:3},{value:"cattle-fleet-clusters-system",id:"cattle-fleet-clusters-system",level:3},{value:"Cluster namespaces",id:"cluster-namespaces",level:3},{value:"Cross namespace deployments",id:"cross-namespace-deployments",level:2},{value:"Restricting GitRepos",id:"restricting-gitrepos",level:2}],c={toc:p};function m(e){let{components:t,...a}=e;return(0,l.kt)("wrapper",(0,n.Z)({},c,a,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"namespaces"},"Namespaces"),(0,l.kt)("p",null,"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces\nof the deployed resources in the downstream cluster. Understanding how namespaces are use in the Fleet manager is\nimportant to understand the security model and how one can use Fleet in a multi-tenant fashion."),(0,l.kt)("h2",{id:"gitrepos-bundles-clusters-clustergroups"},"GitRepos, Bundles, Clusters, ClusterGroups"),(0,l.kt)("p",null,"The primary types are all scoped to a namespace. All selectors for ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," targets will be evaluated against\nthe ",(0,l.kt)("inlineCode",{parentName:"p"},"Clusters")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroups")," in the same namespaces. This means that if you give ",(0,l.kt)("inlineCode",{parentName:"p"},"create")," or ",(0,l.kt)("inlineCode",{parentName:"p"},"update")," privileges\nto a the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," type in a namespace, that end user can modify the selector to match any cluster in that namespace.\nThis means in practice if you want to have two teams self manage their own ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," registrations but they should\nnot be able to target each others clusters, they should be in different namespaces."),(0,l.kt)("h2",{id:"namespace-creation-behavior-in-bundles"},"Namespace Creation Behavior in Bundles"),(0,l.kt)("p",null,"When deploying a Fleet bundle, the specified namespace will automatically be created if it does not already exist."),(0,l.kt)("h2",{id:"special-namespaces"},"Special Namespaces"),(0,l.kt)("h3",{id:"fleet-local"},"fleet-local"),(0,l.kt)("p",null,"The ",(0,l.kt)("strong",{parentName:"p"},"fleet-local")," namespace is a special namespace used for the single cluster use case or to bootstrap\nthe configuration of the Fleet manager."),(0,l.kt)("p",null,"When fleet is installed the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace is created along with one ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," called ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," and one\n",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," called ",(0,l.kt)("inlineCode",{parentName:"p"},"default"),". If no targets are specified on a ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo"),", it is by default targeted to the\n",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," named ",(0,l.kt)("inlineCode",{parentName:"p"},"default"),". This means that all ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," created in ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," will\nautomatically target the ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster"),". The ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," refers to the cluster the Fleet manager is running\non."),(0,l.kt)("p",null,(0,l.kt)("strong",{parentName:"p"},"Note:")," If you would like to migrate your cluster from ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," to ",(0,l.kt)("inlineCode",{parentName:"p"},"default"),", please see this ",(0,l.kt)("a",{parentName:"p",href:"/0.5/troubleshooting#migrate-the-local-cluster-to-the-fleet-default-cluster"},"documentation"),"."),(0,l.kt)("h3",{id:"cattle-fleet-system"},"cattle-fleet-system"),(0,l.kt)("p",null,"The Fleet controller and Fleet agent run in this namespace. All service accounts referenced by ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," are expected\nto live in this namespace in the downstream cluster."),(0,l.kt)("h3",{id:"cattle-fleet-clusters-system"},"cattle-fleet-clusters-system"),(0,l.kt)("p",null,"This namespace holds secrets for the cluster registration process. It should contain no other resources in it,\nespecially secrets."),(0,l.kt)("h3",{id:"cluster-namespaces"},"Cluster namespaces"),(0,l.kt)("p",null,"For every cluster that is registered a namespace is created by the Fleet manager for that cluster.\nThese namespaces are named in the form ",(0,l.kt)("inlineCode",{parentName:"p"},"cluster-${namespace}-${cluster}-${random}"),". The purpose of this\nnamespace is that all ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," for that cluster are put into this namespace and\nthen the downstream cluster is given access to watch and update ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," in that namespace only."),(0,l.kt)("h2",{id:"cross-namespace-deployments"},"Cross namespace deployments"),(0,l.kt)("p",null,"It is possible to create a GitRepo that will deploy across namespaces. The primary purpose of this is so that a\ncentral privileged team can manage common configuration for many clusters that are managed by different teams. The way\nthis is accomplished is by creating a ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource in a cluster."),(0,l.kt)("p",null,"If you are creating a ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource it is best to do it in a namespace that only contains ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\nand no ",(0,l.kt)("inlineCode",{parentName:"p"},"Clusters"),". It seems to get confusing if you have Clusters in the same repo as the cross namespace ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," will still\nalways be evaluated against the current namespace. So if you have clusters in the same namespace you may wish to make them\ncanary clusters."),(0,l.kt)("p",null,"A ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," has only two fields. Which are as below"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: not-important\n namespace: typically-unique\n\n# Bundles to match by label. The labels are defined in the fleet.yaml\n# labels field or from the GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n foo: bar\n\n# Namespaces to match by label\nnamespaceSelector:\n matchLabels:\n foo: bar\n")),(0,l.kt)("p",null,"If the ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," ",(0,l.kt)("inlineCode",{parentName:"p"},"bundleSelector")," field matches a ",(0,l.kt)("inlineCode",{parentName:"p"},"Bundles")," labels then that ",(0,l.kt)("inlineCode",{parentName:"p"},"Bundle")," target criteria will\nbe evaluated against all clusters in all namespaces that match ",(0,l.kt)("inlineCode",{parentName:"p"},"namespaceSelector"),". One can specify labels for the created\nbundles from git by putting labels in the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file or on the ",(0,l.kt)("inlineCode",{parentName:"p"},"metadata.labels")," field on the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo"),"."),(0,l.kt)("h2",{id:"restricting-gitrepos"},"Restricting GitRepos"),(0,l.kt)("p",null,"A namespace can contain multiple ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," resources. All ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\ncreated in that namespace will be checked against the list of restrictions.\nIf a ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," violates one of the constraints its ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," will be\nin an error state and won't be deployed."),(0,l.kt)("p",null,"This can also be used to set the defaults for GitRepo's ",(0,l.kt)("inlineCode",{parentName:"p"},"serviceAccount")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"clientSecretName")," fields."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: typically-unique\nallowedClientSecretNames: []\nallowedRepoPatterns: []\nallowedServiceAccounts: []\ndefaultClientSecretName: ""\ndefaultServiceAccount: ""\n')))}m.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3667],{3905:(e,t,a)=>{a.d(t,{Zo:()=>c,kt:()=>u});var n=a(7294);function l(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function s(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function r(e){for(var t=1;t=0||(l[a]=e[a]);return l}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(l[a]=e[a])}return l}var o=n.createContext({}),p=function(e){var t=n.useContext(o),a=t;return e&&(a="function"==typeof e?e(t):r(r({},t),e)),a},c=function(e){var t=p(e.components);return n.createElement(o.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var a=e.components,l=e.mdxType,s=e.originalType,o=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),d=p(a),u=l,h=d["".concat(o,".").concat(u)]||d[u]||m[u]||s;return a?n.createElement(h,r(r({ref:t},c),{},{components:a})):n.createElement(h,r({ref:t},c))}));function u(e,t){var a=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var s=a.length,r=new Array(s);r[0]=d;var i={};for(var o in t)hasOwnProperty.call(t,o)&&(i[o]=t[o]);i.originalType=e,i.mdxType="string"==typeof e?e:l,r[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>o,contentTitle:()=>r,default:()=>m,frontMatter:()=>s,metadata:()=>i,toc:()=>p});var n=a(7462),l=(a(7294),a(3905));const s={},r="Namespaces",i={unversionedId:"namespaces",id:"version-0.5/namespaces",title:"Namespaces",description:"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces",source:"@site/versioned_docs/version-0.5/namespaces.md",sourceDirName:".",slug:"/namespaces",permalink:"/0.5/namespaces",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/namespaces.md",tags:[],version:"0.5",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster Groups",permalink:"/0.5/cluster-group"},next:{title:"Adding a GitRepo",permalink:"/0.5/gitrepo-add"}},o={},p=[{value:"GitRepos, Bundles, Clusters, ClusterGroups",id:"gitrepos-bundles-clusters-clustergroups",level:2},{value:"Namespace Creation Behavior in Bundles",id:"namespace-creation-behavior-in-bundles",level:2},{value:"Special Namespaces",id:"special-namespaces",level:2},{value:"fleet-local",id:"fleet-local",level:3},{value:"cattle-fleet-system",id:"cattle-fleet-system",level:3},{value:"cattle-fleet-clusters-system",id:"cattle-fleet-clusters-system",level:3},{value:"Cluster namespaces",id:"cluster-namespaces",level:3},{value:"Cross namespace deployments",id:"cross-namespace-deployments",level:2},{value:"Restricting GitRepos",id:"restricting-gitrepos",level:2}],c={toc:p};function m(e){let{components:t,...a}=e;return(0,l.kt)("wrapper",(0,n.Z)({},c,a,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"namespaces"},"Namespaces"),(0,l.kt)("p",null,"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces\nof the deployed resources in the downstream cluster. Understanding how namespaces are use in the Fleet manager is\nimportant to understand the security model and how one can use Fleet in a multi-tenant fashion."),(0,l.kt)("h2",{id:"gitrepos-bundles-clusters-clustergroups"},"GitRepos, Bundles, Clusters, ClusterGroups"),(0,l.kt)("p",null,"The primary types are all scoped to a namespace. All selectors for ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," targets will be evaluated against\nthe ",(0,l.kt)("inlineCode",{parentName:"p"},"Clusters")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroups")," in the same namespaces. This means that if you give ",(0,l.kt)("inlineCode",{parentName:"p"},"create")," or ",(0,l.kt)("inlineCode",{parentName:"p"},"update")," privileges\nto a the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," type in a namespace, that end user can modify the selector to match any cluster in that namespace.\nThis means in practice if you want to have two teams self manage their own ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," registrations but they should\nnot be able to target each others clusters, they should be in different namespaces."),(0,l.kt)("h2",{id:"namespace-creation-behavior-in-bundles"},"Namespace Creation Behavior in Bundles"),(0,l.kt)("p",null,"When deploying a Fleet bundle, the specified namespace will automatically be created if it does not already exist."),(0,l.kt)("h2",{id:"special-namespaces"},"Special Namespaces"),(0,l.kt)("h3",{id:"fleet-local"},"fleet-local"),(0,l.kt)("p",null,"The ",(0,l.kt)("strong",{parentName:"p"},"fleet-local")," namespace is a special namespace used for the single cluster use case or to bootstrap\nthe configuration of the Fleet manager."),(0,l.kt)("p",null,"When fleet is installed the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace is created along with one ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," called ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," and one\n",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," called ",(0,l.kt)("inlineCode",{parentName:"p"},"default"),". If no targets are specified on a ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo"),", it is by default targeted to the\n",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," named ",(0,l.kt)("inlineCode",{parentName:"p"},"default"),". This means that all ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," created in ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," will\nautomatically target the ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster"),". The ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," refers to the cluster the Fleet manager is running\non."),(0,l.kt)("p",null,(0,l.kt)("strong",{parentName:"p"},"Note:")," If you would like to migrate your cluster from ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," to ",(0,l.kt)("inlineCode",{parentName:"p"},"default"),", please see this ",(0,l.kt)("a",{parentName:"p",href:"/0.5/troubleshooting#migrate-the-local-cluster-to-the-fleet-default-cluster"},"documentation"),"."),(0,l.kt)("h3",{id:"cattle-fleet-system"},"cattle-fleet-system"),(0,l.kt)("p",null,"The Fleet controller and Fleet agent run in this namespace. All service accounts referenced by ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," are expected\nto live in this namespace in the downstream cluster."),(0,l.kt)("h3",{id:"cattle-fleet-clusters-system"},"cattle-fleet-clusters-system"),(0,l.kt)("p",null,"This namespace holds secrets for the cluster registration process. It should contain no other resources in it,\nespecially secrets."),(0,l.kt)("h3",{id:"cluster-namespaces"},"Cluster namespaces"),(0,l.kt)("p",null,"For every cluster that is registered a namespace is created by the Fleet manager for that cluster.\nThese namespaces are named in the form ",(0,l.kt)("inlineCode",{parentName:"p"},"cluster-${namespace}-${cluster}-${random}"),". The purpose of this\nnamespace is that all ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," for that cluster are put into this namespace and\nthen the downstream cluster is given access to watch and update ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," in that namespace only."),(0,l.kt)("h2",{id:"cross-namespace-deployments"},"Cross namespace deployments"),(0,l.kt)("p",null,"It is possible to create a GitRepo that will deploy across namespaces. The primary purpose of this is so that a\ncentral privileged team can manage common configuration for many clusters that are managed by different teams. The way\nthis is accomplished is by creating a ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource in a cluster."),(0,l.kt)("p",null,"If you are creating a ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource it is best to do it in a namespace that only contains ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\nand no ",(0,l.kt)("inlineCode",{parentName:"p"},"Clusters"),". It seems to get confusing if you have Clusters in the same repo as the cross namespace ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," will still\nalways be evaluated against the current namespace. So if you have clusters in the same namespace you may wish to make them\ncanary clusters."),(0,l.kt)("p",null,"A ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," has only two fields. Which are as below"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: not-important\n namespace: typically-unique\n\n# Bundles to match by label. The labels are defined in the fleet.yaml\n# labels field or from the GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n foo: bar\n\n# Namespaces to match by label\nnamespaceSelector:\n matchLabels:\n foo: bar\n")),(0,l.kt)("p",null,"If the ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," ",(0,l.kt)("inlineCode",{parentName:"p"},"bundleSelector")," field matches a ",(0,l.kt)("inlineCode",{parentName:"p"},"Bundles")," labels then that ",(0,l.kt)("inlineCode",{parentName:"p"},"Bundle")," target criteria will\nbe evaluated against all clusters in all namespaces that match ",(0,l.kt)("inlineCode",{parentName:"p"},"namespaceSelector"),". One can specify labels for the created\nbundles from git by putting labels in the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file or on the ",(0,l.kt)("inlineCode",{parentName:"p"},"metadata.labels")," field on the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo"),"."),(0,l.kt)("h2",{id:"restricting-gitrepos"},"Restricting GitRepos"),(0,l.kt)("p",null,"A namespace can contain multiple ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," resources. All ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\ncreated in that namespace will be checked against the list of restrictions.\nIf a ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," violates one of the constraints its ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," will be\nin an error state and won't be deployed."),(0,l.kt)("p",null,"This can also be used to set the defaults for GitRepo's ",(0,l.kt)("inlineCode",{parentName:"p"},"serviceAccount")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"clientSecretName")," fields."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: typically-unique\nallowedClientSecretNames: []\nallowedRepoPatterns: []\nallowedServiceAccounts: []\ndefaultClientSecretName: ""\ndefaultServiceAccount: ""\n')))}m.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/fd26103c.516b484b.js b/assets/js/fd26103c.8c9fe6a4.js similarity index 98% rename from assets/js/fd26103c.516b484b.js rename to assets/js/fd26103c.8c9fe6a4.js index 9b355270c..fd486b5ff 100644 --- a/assets/js/fd26103c.516b484b.js +++ b/assets/js/fd26103c.8c9fe6a4.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2392],{3905:(e,t,r)=>{r.d(t,{Zo:()=>p,kt:()=>m});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function l(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var i=n.createContext({}),c=function(e){var t=n.useContext(i),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},p=function(e){var t=c(e.components);return n.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,l=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),d=c(r),m=a,f=d["".concat(i,".").concat(m)]||d[m]||u[m]||l;return r?n.createElement(f,o(o({ref:t},p),{},{components:r})):n.createElement(f,o({ref:t},p))}));function m(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=r.length,o=new Array(l);o[0]=d;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,o[1]=s;for(var c=2;c{r.r(t),r.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>s,toc:()=>c});var n=r(7462),a=(r(7294),r(3905));const l={},o="Mapping to Downstream Clusters",s={unversionedId:"gitrepo-targets",id:"version-0.4/gitrepo-targets",title:"Mapping to Downstream Clusters",description:"Multi-cluster Only:",source:"@site/versioned_docs/version-0.4/gitrepo-targets.md",sourceDirName:".",slug:"/gitrepo-targets",permalink:"/0.4/gitrepo-targets",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/gitrepo-targets.md",tags:[],version:"0.4",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Expected Repo Structure",permalink:"/0.4/gitrepo-structure"},next:{title:"Generating Diffs for Modified GitRepos",permalink:"/0.4/bundle-diffs"}},i={},c=[{value:"Defining targets",id:"defining-targets",level:2},{value:"Target Matching",id:"target-matching",level:2},{value:"Default target",id:"default-target",level:2}],p={toc:c};function u(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},p,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"mapping-to-downstream-clusters"},"Mapping to Downstream Clusters"),(0,a.kt)("admonition",{type:"info"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("strong",{parentName:"p"},"Multi-cluster Only"),":\nThis approach only applies if you are running Fleet in a multi-cluster style")),(0,a.kt)("p",null,"When deploying ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepos")," to downstream clusters the clusters must be mapped to a target."),(0,a.kt)("h2",{id:"defining-targets"},"Defining targets"),(0,a.kt)("p",null,"The deployment targets of ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," is done using the ",(0,a.kt)("inlineCode",{parentName:"p"},"spec.targets")," field to\nmatch clusters or cluster groups. The YAML specification is as below."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: myrepo\n namespace: clusters\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - simple\n\n # Targets are evaluated in order and the first one to match is used. If\n # no targets match then the evaluated cluster will not be deployed to.\n targets:\n # The name of target. This value is largely for display and logging.\n # If not specified a default name of the format "target000" will be used\n - name: prod\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n')),(0,a.kt)("h2",{id:"target-matching"},"Target Matching"),(0,a.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets.\nIf any of the targets match the cluster then the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be deployed to the downstream cluster. If\nno match is made, then the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will not be deployed to that cluster."),(0,a.kt)("p",null,'There are three approaches to matching clusters.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,a.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,a.kt)("h2",{id:"default-target"},"Default target"),(0,a.kt)("p",null,"If no target is set for the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the default targets value is applied. The default targets value is as below."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"targets:\n- name: default\n clusterGroup: default\n")),(0,a.kt)("p",null,"This means if you wish to setup a default location non-configured GitRepos will go to, then just create a cluster group called default\nand add clusters to it."))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2392],{3905:(e,t,r)=>{r.d(t,{Zo:()=>p,kt:()=>m});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function l(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var i=n.createContext({}),c=function(e){var t=n.useContext(i),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},p=function(e){var t=c(e.components);return n.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,l=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),d=c(r),m=a,f=d["".concat(i,".").concat(m)]||d[m]||u[m]||l;return r?n.createElement(f,o(o({ref:t},p),{},{components:r})):n.createElement(f,o({ref:t},p))}));function m(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=r.length,o=new Array(l);o[0]=d;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,o[1]=s;for(var c=2;c{r.r(t),r.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>s,toc:()=>c});var n=r(7462),a=(r(7294),r(3905));const l={},o="Mapping to Downstream Clusters",s={unversionedId:"gitrepo-targets",id:"version-0.4/gitrepo-targets",title:"Mapping to Downstream Clusters",description:"Multi-cluster Only:",source:"@site/versioned_docs/version-0.4/gitrepo-targets.md",sourceDirName:".",slug:"/gitrepo-targets",permalink:"/0.4/gitrepo-targets",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/gitrepo-targets.md",tags:[],version:"0.4",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Expected Repo Structure",permalink:"/0.4/gitrepo-structure"},next:{title:"Generating Diffs for Modified GitRepos",permalink:"/0.4/bundle-diffs"}},i={},c=[{value:"Defining targets",id:"defining-targets",level:2},{value:"Target Matching",id:"target-matching",level:2},{value:"Default target",id:"default-target",level:2}],p={toc:c};function u(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},p,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"mapping-to-downstream-clusters"},"Mapping to Downstream Clusters"),(0,a.kt)("admonition",{type:"info"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("strong",{parentName:"p"},"Multi-cluster Only"),":\nThis approach only applies if you are running Fleet in a multi-cluster style")),(0,a.kt)("p",null,"When deploying ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepos")," to downstream clusters the clusters must be mapped to a target."),(0,a.kt)("h2",{id:"defining-targets"},"Defining targets"),(0,a.kt)("p",null,"The deployment targets of ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," is done using the ",(0,a.kt)("inlineCode",{parentName:"p"},"spec.targets")," field to\nmatch clusters or cluster groups. The YAML specification is as below."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: myrepo\n namespace: clusters\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - simple\n\n # Targets are evaluated in order and the first one to match is used. If\n # no targets match then the evaluated cluster will not be deployed to.\n targets:\n # The name of target. This value is largely for display and logging.\n # If not specified a default name of the format "target000" will be used\n - name: prod\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n')),(0,a.kt)("h2",{id:"target-matching"},"Target Matching"),(0,a.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets.\nIf any of the targets match the cluster then the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be deployed to the downstream cluster. If\nno match is made, then the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will not be deployed to that cluster."),(0,a.kt)("p",null,'There are three approaches to matching clusters.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,a.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,a.kt)("h2",{id:"default-target"},"Default target"),(0,a.kt)("p",null,"If no target is set for the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the default targets value is applied. The default targets value is as below."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"targets:\n- name: default\n clusterGroup: default\n")),(0,a.kt)("p",null,"This means if you wish to setup a default location non-configured GitRepos will go to, then just create a cluster group called default\nand add clusters to it."))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/ffe5129d.c282d9c0.js b/assets/js/ffe5129d.00022c28.js similarity index 98% rename from assets/js/ffe5129d.c282d9c0.js rename to assets/js/ffe5129d.00022c28.js index 3c09a79e8..71a9e9035 100644 --- a/assets/js/ffe5129d.c282d9c0.js +++ b/assets/js/ffe5129d.00022c28.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5532],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>f});var a=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function r(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var c=a.createContext({}),s=function(e){var t=a.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=s(e.components);return a.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},m=a.forwardRef((function(e,t){var n=e.components,l=e.mdxType,r=e.originalType,c=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),m=s(n),f=l,d=m["".concat(c,".").concat(f)]||m[f]||p[f]||r;return n?a.createElement(d,i(i({ref:t},u),{},{components:n})):a.createElement(d,i({ref:t},u))}));function f(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var r=n.length,i=new Array(r);i[0]=m;var o={};for(var c in t)hasOwnProperty.call(t,c)&&(o[c]=t[c]);o.originalType=e,o.mdxType="string"==typeof e?e:l,i[1]=o;for(var s=2;s{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>i,default:()=>p,frontMatter:()=>r,metadata:()=>o,toc:()=>s});var a=n(7462),l=(n(7294),n(3905));const r={},i="Configuration",o={unversionedId:"ref-configuration",id:"ref-configuration",title:"Configuration",description:"A reference list of, mostly internal, configuration options.",source:"@site/docs/ref-configuration.md",sourceDirName:".",slug:"/ref-configuration",permalink:"/ref-configuration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-configuration.md",tags:[],version:"current",lastUpdatedAt:1677162457,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Resources",permalink:"/ref-resources"},next:{title:"Registration",permalink:"/ref-registration"}},c={},s=[{value:"Helm Charts",id:"helm-charts",level:2},{value:"Environment Variables",id:"environment-variables",level:2},{value:"Configuration",id:"configuration-1",level:2},{value:"Labels",id:"labels",level:2},{value:"Annotations",id:"annotations",level:2}],u={toc:s};function p(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,a.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"configuration"},"Configuration"),(0,l.kt)("p",null,"A reference list of, mostly internal, configuration options."),(0,l.kt)("h2",{id:"helm-charts"},"Helm Charts"),(0,l.kt)("p",null,"The Helm charts accept, at least, the options as shown with their default in ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml"),":"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet/values.yaml")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet-crds/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet-crds/values.yaml")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet-agent/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet-agent/values.yaml"))),(0,l.kt)("h2",{id:"environment-variables"},"Environment Variables"),(0,l.kt)("p",null,"The controllers can be started with these environment variables:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"CATTLE_DEV_MODE")," - used to debug wrangler, not usable"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"FLEET_CLUSTER_ENQUEUE_DELAY")," - tune how often non-ready clusters are checked"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"FLEET_CPU_PPROF_PERIOD")," - used to turn on ",(0,l.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/docs/performance.md"},"performance profiling"))),(0,l.kt)("h2",{id:"configuration-1"},"Configuration"),(0,l.kt)("p",null,"In cluster configuration for the agent and fleet manager. Changing these can lead to full re-deployments."),(0,l.kt)("p",null,"The config ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet/blob/master/pkg/config/config.go#L40-L52"},"struct")," is used in both config maps:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},"cattle-fleet-system/fleet-agent "),(0,l.kt)("li",{parentName:"ul"},"cattle-fleet-system/fleet-controller ")),(0,l.kt)("h2",{id:"labels"},"Labels"),(0,l.kt)("p",null,"Labels used by fleet:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/agent=true")," - NodeSelector label for agent's deployment affinity setting"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/non-managed-agent")," - managed agent bundle won't target Clusters with this label"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/repo-name")," - used on Bundle to reference the git repo resource"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-namespace")," - used on BundleDeployment to reference the Bundle resource"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-name")," - used on BundleDeployment to reference the Bundle resource"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/managed=true")," - cluster namespaces with this label will be cleaned up. Other resources will be cleaned up if it is in a label. Used in Rancher to identify fleet namespaces."),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bootstrap-token")," - unused")),(0,l.kt)("h2",{id:"annotations"},"Annotations"),(0,l.kt)("p",null,"Annotations used by fleet:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/agent-namespace")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-id")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster"),", ",(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-namespace")," - if present on a Cluster, the namespace won't be cleaned up"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster"),", ",(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-namespace")," - used on a cluster namespace to reference the cluster registration namespace"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-group")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-registration-namespace")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-registration")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/commit")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/managed")," - appears unused"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/service-account"))))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5532],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>f});var a=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function r(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var c=a.createContext({}),s=function(e){var t=a.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=s(e.components);return a.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},m=a.forwardRef((function(e,t){var n=e.components,l=e.mdxType,r=e.originalType,c=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),m=s(n),f=l,d=m["".concat(c,".").concat(f)]||m[f]||p[f]||r;return n?a.createElement(d,i(i({ref:t},u),{},{components:n})):a.createElement(d,i({ref:t},u))}));function f(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var r=n.length,i=new Array(r);i[0]=m;var o={};for(var c in t)hasOwnProperty.call(t,c)&&(o[c]=t[c]);o.originalType=e,o.mdxType="string"==typeof e?e:l,i[1]=o;for(var s=2;s{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>i,default:()=>p,frontMatter:()=>r,metadata:()=>o,toc:()=>s});var a=n(7462),l=(n(7294),n(3905));const r={},i="Configuration",o={unversionedId:"ref-configuration",id:"ref-configuration",title:"Configuration",description:"A reference list of, mostly internal, configuration options.",source:"@site/docs/ref-configuration.md",sourceDirName:".",slug:"/ref-configuration",permalink:"/ref-configuration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-configuration.md",tags:[],version:"current",lastUpdatedAt:1677164590,formattedLastUpdatedAt:"Feb 23, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Resources",permalink:"/ref-resources"},next:{title:"Registration",permalink:"/ref-registration"}},c={},s=[{value:"Helm Charts",id:"helm-charts",level:2},{value:"Environment Variables",id:"environment-variables",level:2},{value:"Configuration",id:"configuration-1",level:2},{value:"Labels",id:"labels",level:2},{value:"Annotations",id:"annotations",level:2}],u={toc:s};function p(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,a.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"configuration"},"Configuration"),(0,l.kt)("p",null,"A reference list of, mostly internal, configuration options."),(0,l.kt)("h2",{id:"helm-charts"},"Helm Charts"),(0,l.kt)("p",null,"The Helm charts accept, at least, the options as shown with their default in ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml"),":"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet/values.yaml")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet-crds/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet-crds/values.yaml")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet-agent/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet-agent/values.yaml"))),(0,l.kt)("h2",{id:"environment-variables"},"Environment Variables"),(0,l.kt)("p",null,"The controllers can be started with these environment variables:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"CATTLE_DEV_MODE")," - used to debug wrangler, not usable"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"FLEET_CLUSTER_ENQUEUE_DELAY")," - tune how often non-ready clusters are checked"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"FLEET_CPU_PPROF_PERIOD")," - used to turn on ",(0,l.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/docs/performance.md"},"performance profiling"))),(0,l.kt)("h2",{id:"configuration-1"},"Configuration"),(0,l.kt)("p",null,"In cluster configuration for the agent and fleet manager. Changing these can lead to full re-deployments."),(0,l.kt)("p",null,"The config ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet/blob/master/pkg/config/config.go#L40-L52"},"struct")," is used in both config maps:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},"cattle-fleet-system/fleet-agent "),(0,l.kt)("li",{parentName:"ul"},"cattle-fleet-system/fleet-controller ")),(0,l.kt)("h2",{id:"labels"},"Labels"),(0,l.kt)("p",null,"Labels used by fleet:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/agent=true")," - NodeSelector label for agent's deployment affinity setting"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/non-managed-agent")," - managed agent bundle won't target Clusters with this label"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/repo-name")," - used on Bundle to reference the git repo resource"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-namespace")," - used on BundleDeployment to reference the Bundle resource"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-name")," - used on BundleDeployment to reference the Bundle resource"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/managed=true")," - cluster namespaces with this label will be cleaned up. Other resources will be cleaned up if it is in a label. Used in Rancher to identify fleet namespaces."),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bootstrap-token")," - unused")),(0,l.kt)("h2",{id:"annotations"},"Annotations"),(0,l.kt)("p",null,"Annotations used by fleet:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/agent-namespace")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-id")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster"),", ",(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-namespace")," - if present on a Cluster, the namespace won't be cleaned up"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster"),", ",(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-namespace")," - used on a cluster namespace to reference the cluster registration namespace"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-group")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-registration-namespace")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-registration")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/commit")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/managed")," - appears unused"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/service-account"))))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/runtime~main.54b39d51.js b/assets/js/runtime~main.7794a84c.js similarity index 59% rename from assets/js/runtime~main.54b39d51.js rename to assets/js/runtime~main.7794a84c.js index 4e221bc31..63f1d3f59 100644 --- a/assets/js/runtime~main.54b39d51.js +++ b/assets/js/runtime~main.7794a84c.js @@ -1 +1 @@ -(()=>{"use strict";var e,f,a,d,b,c={},t={};function r(e){var f=t[e];if(void 0!==f)return f.exports;var a=t[e]={id:e,loaded:!1,exports:{}};return c[e].call(a.exports,a,a.exports,r),a.loaded=!0,a.exports}r.m=c,r.c=t,e=[],r.O=(f,a,d,b)=>{if(!a){var c=1/0;for(i=0;i=b)&&Object.keys(r.O).every((e=>r.O[e](a[o])))?a.splice(o--,1):(t=!1,b0&&e[i-1][2]>b;i--)e[i]=e[i-1];e[i]=[a,d,b]},r.n=e=>{var f=e&&e.__esModule?()=>e.default:()=>e;return r.d(f,{a:f}),f},a=Object.getPrototypeOf?e=>Object.getPrototypeOf(e):e=>e.__proto__,r.t=function(e,d){if(1&d&&(e=this(e)),8&d)return e;if("object"==typeof e&&e){if(4&d&&e.__esModule)return e;if(16&d&&"function"==typeof e.then)return e}var b=Object.create(null);r.r(b);var c={};f=f||[null,a({}),a([]),a(a)];for(var t=2&d&&e;"object"==typeof t&&!~f.indexOf(t);t=a(t))Object.getOwnPropertyNames(t).forEach((f=>c[f]=()=>e[f]));return c.default=()=>e,r.d(b,c),b},r.d=(e,f)=>{for(var a in f)r.o(f,a)&&!r.o(e,a)&&Object.defineProperty(e,a,{enumerable:!0,get:f[a]})},r.f={},r.e=e=>Promise.all(Object.keys(r.f).reduce(((f,a)=>(r.f[a](e,f),f)),[])),r.u=e=>"assets/js/"+({53:"935f2afb",208:"cd0bf424",299:"de08e76e",665:"f63438e5",764:"d8f58335",835:"680ed9ed",859:"b32c755c",964:"af48bdba",1266:"6f2a0b31",1371:"0a06c365",1462:"e3aa6547",1760:"b2456c44",1910:"cd323ffc",2030:"fbaf079d",2112:"bd465781",2323:"ecc84eb4",2343:"461a3020",2357:"06df35bc",2361:"a2c468b1",2392:"fd26103c",2418:"6cf4c0df",2425:"dd67116e",2651:"8070e160",3030:"09d5ad39",3084:"4ccb6852",3200:"fb76c575",3217:"3b8c55ea",3325:"1fec2b35",3365:"45a5cd1f",3560:"57b32f77",3632:"af10d9fb",3667:"fd06576e",3714:"d3d9887a",3814:"834808ff",3862:"abaf23c8",4236:"26326ef3",4311:"0252b8ff",4339:"f6748474",4581:"b9a03c38",4728:"1f14308a",4893:"da21831e",4917:"b60b3bd8",5225:"f7cf1511",5279:"522d95f1",5435:"847b3bc4",5532:"ffe5129d",5711:"839437d0",5763:"3718f698",5764:"5a165616",5765:"2f0f344d",5776:"34a3c1ae",5854:"e252aa27",5927:"5281b7a2",5945:"10f03480",6098:"d162992c",6250:"7c5d32d8",6255:"7f3d36ad",6393:"ebf52154",6418:"e0636556",6560:"0e50cd4d",6588:"b7ae13b2",6943:"39f5e362",6957:"f8113afe",6961:"762abe3e",6971:"c377a04b",7169:"a9e7f6cd",7224:"2d618eff",7301:"11f54a6a",7314:"34eb4307",7510:"84ab13f9",7526:"4fac8f87",7539:"22b369d5",7544:"c7381d34",7619:"49af6a86",7893:"f8909550",7918:"17896441",7920:"1a4e3797",7966:"07db75e5",8002:"01b4035b",8092:"ee0e1228",8228:"5379b7b3",8361:"dd81469d",8711:"b8f3160f",8763:"14d8290d",8795:"12f4838b",8813:"aba71817",9246:"340d0560",9353:"9533a6b7",9360:"9d9f8394",9504:"c211f800",9514:"1be78505",9593:"17b50570",9719:"63e62f73",9804:"3c247a82",9816:"755aca7b"}[e]||e)+"."+{53:"4411e126",208:"bb601075",299:"365b0eb3",665:"6ddf727a",764:"ae268529",835:"1f3e806a",859:"3b6f001a",964:"12613d81",1266:"098cb515",1371:"f127ac5e",1462:"70908871",1760:"e8666273",1910:"ae828115",2030:"a570259b",2112:"7f2353e5",2323:"ccbc51ec",2343:"951d1022",2357:"20595c47",2361:"5d788205",2392:"516b484b",2418:"ebe26525",2425:"2d92b707",2651:"120f64b9",3030:"10ff5ffa",3084:"5d3e33e1",3200:"1ec14aa0",3217:"fd5799a5",3325:"74752462",3365:"3036bc8c",3560:"1955520b",3632:"c6bbbb1a",3667:"12f065b2",3714:"2d5d96ae",3814:"cf4b34de",3862:"c08e0626",4236:"f5f24ec7",4311:"8c70c19c",4339:"885a550c",4581:"eee9c13a",4728:"570e88e1",4893:"6a9ee733",4917:"83abcd31",4972:"36527565",5225:"b2410d57",5279:"7df4be61",5435:"21481317",5532:"c282d9c0",5711:"bc009d72",5763:"9024fb21",5764:"2b660d98",5765:"36af1d9a",5776:"b9ba6941",5854:"fd8378ca",5927:"5019f693",5945:"b741d736",6098:"b9d512be",6250:"16ee7418",6255:"3c826396",6393:"0ffaed92",6418:"cd2066ec",6560:"c57c2c98",6588:"135fc9a2",6780:"73cff48e",6943:"ea57e4f2",6945:"98e888a2",6957:"7a35237f",6961:"25f5ed7b",6971:"8edfea16",7169:"df5e4c7f",7224:"a4d1dce8",7301:"16a6b84e",7314:"12c890b3",7510:"ce3daaaf",7526:"8632f7be",7539:"549df8fe",7544:"44ac32d3",7619:"289be922",7893:"6787dd78",7918:"5622278f",7920:"5151c289",7966:"d2ad1d18",8002:"a901e160",8092:"7633adf7",8228:"103ba006",8361:"8594a1aa",8711:"3fdb26d0",8763:"17db2b17",8795:"971d5167",8813:"e82bc030",8894:"ad65c686",9056:"355ca87c",9246:"d31de443",9353:"30bb08d8",9360:"0d61a075",9504:"43b0d0fc",9514:"384c1dd0",9593:"a01575c1",9719:"e7e6729e",9804:"9262d5bf",9816:"acdd19d2"}[e]+".js",r.miniCssF=e=>{},r.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}(),r.o=(e,f)=>Object.prototype.hasOwnProperty.call(e,f),d={},b="fleet-docs:",r.l=(e,f,a,c)=>{if(d[e])d[e].push(f);else{var t,o;if(void 0!==a)for(var n=document.getElementsByTagName("script"),i=0;i{t.onerror=t.onload=null,clearTimeout(s);var b=d[e];if(delete d[e],t.parentNode&&t.parentNode.removeChild(t),b&&b.forEach((e=>e(a))),f)return f(a)},s=setTimeout(u.bind(null,void 0,{type:"timeout",target:t}),12e4);t.onerror=u.bind(null,t.onerror),t.onload=u.bind(null,t.onload),o&&document.head.appendChild(t)}},r.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},r.p="/",r.gca=function(e){return e={17896441:"7918","935f2afb":"53",cd0bf424:"208",de08e76e:"299",f63438e5:"665",d8f58335:"764","680ed9ed":"835",b32c755c:"859",af48bdba:"964","6f2a0b31":"1266","0a06c365":"1371",e3aa6547:"1462",b2456c44:"1760",cd323ffc:"1910",fbaf079d:"2030",bd465781:"2112",ecc84eb4:"2323","461a3020":"2343","06df35bc":"2357",a2c468b1:"2361",fd26103c:"2392","6cf4c0df":"2418",dd67116e:"2425","8070e160":"2651","09d5ad39":"3030","4ccb6852":"3084",fb76c575:"3200","3b8c55ea":"3217","1fec2b35":"3325","45a5cd1f":"3365","57b32f77":"3560",af10d9fb:"3632",fd06576e:"3667",d3d9887a:"3714","834808ff":"3814",abaf23c8:"3862","26326ef3":"4236","0252b8ff":"4311",f6748474:"4339",b9a03c38:"4581","1f14308a":"4728",da21831e:"4893",b60b3bd8:"4917",f7cf1511:"5225","522d95f1":"5279","847b3bc4":"5435",ffe5129d:"5532","839437d0":"5711","3718f698":"5763","5a165616":"5764","2f0f344d":"5765","34a3c1ae":"5776",e252aa27:"5854","5281b7a2":"5927","10f03480":"5945",d162992c:"6098","7c5d32d8":"6250","7f3d36ad":"6255",ebf52154:"6393",e0636556:"6418","0e50cd4d":"6560",b7ae13b2:"6588","39f5e362":"6943",f8113afe:"6957","762abe3e":"6961",c377a04b:"6971",a9e7f6cd:"7169","2d618eff":"7224","11f54a6a":"7301","34eb4307":"7314","84ab13f9":"7510","4fac8f87":"7526","22b369d5":"7539",c7381d34:"7544","49af6a86":"7619",f8909550:"7893","1a4e3797":"7920","07db75e5":"7966","01b4035b":"8002",ee0e1228:"8092","5379b7b3":"8228",dd81469d:"8361",b8f3160f:"8711","14d8290d":"8763","12f4838b":"8795",aba71817:"8813","340d0560":"9246","9533a6b7":"9353","9d9f8394":"9360",c211f800:"9504","1be78505":"9514","17b50570":"9593","63e62f73":"9719","3c247a82":"9804","755aca7b":"9816"}[e]||e,r.p+r.u(e)},(()=>{var e={1303:0,532:0};r.f.j=(f,a)=>{var d=r.o(e,f)?e[f]:void 0;if(0!==d)if(d)a.push(d[2]);else if(/^(1303|532)$/.test(f))e[f]=0;else{var b=new Promise(((a,b)=>d=e[f]=[a,b]));a.push(d[2]=b);var c=r.p+r.u(f),t=new Error;r.l(c,(a=>{if(r.o(e,f)&&(0!==(d=e[f])&&(e[f]=void 0),d)){var b=a&&("load"===a.type?"missing":a.type),c=a&&a.target&&a.target.src;t.message="Loading chunk "+f+" failed.\n("+b+": "+c+")",t.name="ChunkLoadError",t.type=b,t.request=c,d[1](t)}}),"chunk-"+f,f)}},r.O.j=f=>0===e[f];var f=(f,a)=>{var d,b,c=a[0],t=a[1],o=a[2],n=0;if(c.some((f=>0!==e[f]))){for(d in t)r.o(t,d)&&(r.m[d]=t[d]);if(o)var i=o(r)}for(f&&f(a);n{"use strict";var e,f,a,d,c,b={},t={};function r(e){var f=t[e];if(void 0!==f)return f.exports;var a=t[e]={id:e,loaded:!1,exports:{}};return b[e].call(a.exports,a,a.exports,r),a.loaded=!0,a.exports}r.m=b,r.c=t,e=[],r.O=(f,a,d,c)=>{if(!a){var b=1/0;for(i=0;i=c)&&Object.keys(r.O).every((e=>r.O[e](a[o])))?a.splice(o--,1):(t=!1,c0&&e[i-1][2]>c;i--)e[i]=e[i-1];e[i]=[a,d,c]},r.n=e=>{var f=e&&e.__esModule?()=>e.default:()=>e;return r.d(f,{a:f}),f},a=Object.getPrototypeOf?e=>Object.getPrototypeOf(e):e=>e.__proto__,r.t=function(e,d){if(1&d&&(e=this(e)),8&d)return e;if("object"==typeof e&&e){if(4&d&&e.__esModule)return e;if(16&d&&"function"==typeof e.then)return e}var c=Object.create(null);r.r(c);var b={};f=f||[null,a({}),a([]),a(a)];for(var t=2&d&&e;"object"==typeof t&&!~f.indexOf(t);t=a(t))Object.getOwnPropertyNames(t).forEach((f=>b[f]=()=>e[f]));return b.default=()=>e,r.d(c,b),c},r.d=(e,f)=>{for(var a in f)r.o(f,a)&&!r.o(e,a)&&Object.defineProperty(e,a,{enumerable:!0,get:f[a]})},r.f={},r.e=e=>Promise.all(Object.keys(r.f).reduce(((f,a)=>(r.f[a](e,f),f)),[])),r.u=e=>"assets/js/"+({53:"935f2afb",208:"cd0bf424",299:"de08e76e",665:"f63438e5",764:"d8f58335",835:"680ed9ed",859:"b32c755c",964:"af48bdba",1266:"6f2a0b31",1371:"0a06c365",1462:"e3aa6547",1760:"b2456c44",1910:"cd323ffc",2030:"fbaf079d",2112:"bd465781",2323:"ecc84eb4",2343:"461a3020",2357:"06df35bc",2361:"a2c468b1",2392:"fd26103c",2418:"6cf4c0df",2425:"dd67116e",2651:"8070e160",3030:"09d5ad39",3084:"4ccb6852",3200:"fb76c575",3217:"3b8c55ea",3325:"1fec2b35",3365:"45a5cd1f",3560:"57b32f77",3632:"af10d9fb",3667:"fd06576e",3714:"d3d9887a",3814:"834808ff",3862:"abaf23c8",4236:"26326ef3",4311:"0252b8ff",4339:"f6748474",4581:"b9a03c38",4728:"1f14308a",4893:"da21831e",4917:"b60b3bd8",5225:"f7cf1511",5279:"522d95f1",5435:"847b3bc4",5532:"ffe5129d",5711:"839437d0",5763:"3718f698",5764:"5a165616",5765:"2f0f344d",5776:"34a3c1ae",5854:"e252aa27",5927:"5281b7a2",5945:"10f03480",6098:"d162992c",6250:"7c5d32d8",6255:"7f3d36ad",6393:"ebf52154",6418:"e0636556",6560:"0e50cd4d",6588:"b7ae13b2",6943:"39f5e362",6957:"f8113afe",6961:"762abe3e",6971:"c377a04b",7169:"a9e7f6cd",7224:"2d618eff",7301:"11f54a6a",7314:"34eb4307",7510:"84ab13f9",7526:"4fac8f87",7539:"22b369d5",7544:"c7381d34",7619:"49af6a86",7893:"f8909550",7918:"17896441",7920:"1a4e3797",7966:"07db75e5",8002:"01b4035b",8092:"ee0e1228",8228:"5379b7b3",8361:"dd81469d",8711:"b8f3160f",8763:"14d8290d",8795:"12f4838b",8813:"aba71817",9246:"340d0560",9353:"9533a6b7",9360:"9d9f8394",9504:"c211f800",9514:"1be78505",9593:"17b50570",9719:"63e62f73",9804:"3c247a82",9816:"755aca7b"}[e]||e)+"."+{53:"4411e126",208:"dc4ca605",299:"b2616e03",665:"2ef4d035",764:"cce42ba6",835:"ee30c6a1",859:"4e6d16b6",964:"1eb7f149",1266:"806737ac",1371:"30eeb095",1462:"ee996040",1760:"0f8fe90a",1910:"4c90cc15",2030:"8ec9c5bc",2112:"bb709602",2323:"203ba1eb",2343:"ca933b05",2357:"20595c47",2361:"3369f9a7",2392:"8c9fe6a4",2418:"45a4ac69",2425:"c47ac0f2",2651:"1118f958",3030:"c5694cdf",3084:"19c42d0a",3200:"649838ed",3217:"01eed4fa",3325:"77a3fb5a",3365:"7d8f1f1c",3560:"e4ae788c",3632:"027616f3",3667:"bdf1f0c4",3714:"ea8deade",3814:"d4f8f7fc",3862:"98b96c52",4236:"e884bef2",4311:"3418e11e",4339:"3f19249a",4581:"4a3874b3",4728:"c9b36535",4893:"59a7e060",4917:"c727d7a8",4972:"36527565",5225:"bd9dfa13",5279:"dfb57b7a",5435:"d6da70de",5532:"00022c28",5711:"af445ebc",5763:"077840a9",5764:"735e5d78",5765:"36af1d9a",5776:"399bcb19",5854:"8a8451ed",5927:"4009f0ec",5945:"7b061657",6098:"ebe773a2",6250:"1d018540",6255:"9c7882bd",6393:"dc94694a",6418:"382874e2",6560:"daf3545b",6588:"32826eb7",6780:"73cff48e",6943:"3479005a",6945:"98e888a2",6957:"19783368",6961:"00af4f07",6971:"5bd1461a",7169:"69954bfe",7224:"f92010c4",7301:"58de1936",7314:"cafd192f",7510:"997e20d1",7526:"a67bd685",7539:"e8c002d5",7544:"b5bef923",7619:"6909d500",7893:"a8df6b80",7918:"5622278f",7920:"5151c289",7966:"a048c636",8002:"1d4437bb",8092:"7633adf7",8228:"c638c193",8361:"eac7dcff",8711:"37f64d95",8763:"842dcd90",8795:"6cef46d7",8813:"d30b293f",8894:"ad65c686",9056:"355ca87c",9246:"33e8b3c1",9353:"24e6a7e5",9360:"a4c9e09e",9504:"6ba0cf6c",9514:"384c1dd0",9593:"a01575c1",9719:"a86528cb",9804:"6805e2f6",9816:"6251ef14"}[e]+".js",r.miniCssF=e=>{},r.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}(),r.o=(e,f)=>Object.prototype.hasOwnProperty.call(e,f),d={},c="fleet-docs:",r.l=(e,f,a,b)=>{if(d[e])d[e].push(f);else{var t,o;if(void 0!==a)for(var n=document.getElementsByTagName("script"),i=0;i{t.onerror=t.onload=null,clearTimeout(s);var c=d[e];if(delete d[e],t.parentNode&&t.parentNode.removeChild(t),c&&c.forEach((e=>e(a))),f)return f(a)},s=setTimeout(u.bind(null,void 0,{type:"timeout",target:t}),12e4);t.onerror=u.bind(null,t.onerror),t.onload=u.bind(null,t.onload),o&&document.head.appendChild(t)}},r.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},r.p="/",r.gca=function(e){return e={17896441:"7918","935f2afb":"53",cd0bf424:"208",de08e76e:"299",f63438e5:"665",d8f58335:"764","680ed9ed":"835",b32c755c:"859",af48bdba:"964","6f2a0b31":"1266","0a06c365":"1371",e3aa6547:"1462",b2456c44:"1760",cd323ffc:"1910",fbaf079d:"2030",bd465781:"2112",ecc84eb4:"2323","461a3020":"2343","06df35bc":"2357",a2c468b1:"2361",fd26103c:"2392","6cf4c0df":"2418",dd67116e:"2425","8070e160":"2651","09d5ad39":"3030","4ccb6852":"3084",fb76c575:"3200","3b8c55ea":"3217","1fec2b35":"3325","45a5cd1f":"3365","57b32f77":"3560",af10d9fb:"3632",fd06576e:"3667",d3d9887a:"3714","834808ff":"3814",abaf23c8:"3862","26326ef3":"4236","0252b8ff":"4311",f6748474:"4339",b9a03c38:"4581","1f14308a":"4728",da21831e:"4893",b60b3bd8:"4917",f7cf1511:"5225","522d95f1":"5279","847b3bc4":"5435",ffe5129d:"5532","839437d0":"5711","3718f698":"5763","5a165616":"5764","2f0f344d":"5765","34a3c1ae":"5776",e252aa27:"5854","5281b7a2":"5927","10f03480":"5945",d162992c:"6098","7c5d32d8":"6250","7f3d36ad":"6255",ebf52154:"6393",e0636556:"6418","0e50cd4d":"6560",b7ae13b2:"6588","39f5e362":"6943",f8113afe:"6957","762abe3e":"6961",c377a04b:"6971",a9e7f6cd:"7169","2d618eff":"7224","11f54a6a":"7301","34eb4307":"7314","84ab13f9":"7510","4fac8f87":"7526","22b369d5":"7539",c7381d34:"7544","49af6a86":"7619",f8909550:"7893","1a4e3797":"7920","07db75e5":"7966","01b4035b":"8002",ee0e1228:"8092","5379b7b3":"8228",dd81469d:"8361",b8f3160f:"8711","14d8290d":"8763","12f4838b":"8795",aba71817:"8813","340d0560":"9246","9533a6b7":"9353","9d9f8394":"9360",c211f800:"9504","1be78505":"9514","17b50570":"9593","63e62f73":"9719","3c247a82":"9804","755aca7b":"9816"}[e]||e,r.p+r.u(e)},(()=>{var e={1303:0,532:0};r.f.j=(f,a)=>{var d=r.o(e,f)?e[f]:void 0;if(0!==d)if(d)a.push(d[2]);else if(/^(1303|532)$/.test(f))e[f]=0;else{var c=new Promise(((a,c)=>d=e[f]=[a,c]));a.push(d[2]=c);var b=r.p+r.u(f),t=new Error;r.l(b,(a=>{if(r.o(e,f)&&(0!==(d=e[f])&&(e[f]=void 0),d)){var c=a&&("load"===a.type?"missing":a.type),b=a&&a.target&&a.target.src;t.message="Loading chunk "+f+" failed.\n("+c+": "+b+")",t.name="ChunkLoadError",t.type=c,t.request=b,d[1](t)}}),"chunk-"+f,f)}},r.O.j=f=>0===e[f];var f=(f,a)=>{var d,c,b=a[0],t=a[1],o=a[2],n=0;if(b.some((f=>0!==e[f]))){for(d in t)r.o(t,d)&&(r.m[d]=t[d]);if(o)var i=o(r)}for(f&&f(a);n Generating Diffs for Modified GitRepos | Fleet - +
    Version: Next 🚧

    Generating Diffs for Modified GitRepos

    Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.

    You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the Bundles section.

    The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the caBundle is empty and the CA cert is injected by the cluster.

    This leads the status of the bundle and associated GitRepo to be reported as "Modified"

    Associated Bundle -

    Fleet bundles support the ability to specify a custom jsonPointer patch.

    With the patch, users can instruct fleet to ignore object modifications.

    In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters.

    The opa-gatekeeper bundle associated with the opa GitRepo is in modified state.

    Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status.

    In our case the differences detected are as follows:

      summary:
        desiredReady: 1
        modified: 1
        nonReadyResources:
        - bundleState: Modified
          modifiedStatus:
          - apiVersion: admissionregistration.k8s.io/v1
            kind: ValidatingWebhookConfiguration
            name: gatekeeper-validating-webhook-configuration
            patch: '{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}'
          - apiVersion: apps/v1
            kind: Deployment
            name: gatekeeper-audit
            namespace: cattle-gatekeeper-system
            patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'
          - apiVersion: apps/v1
            kind: Deployment
            name: gatekeeper-controller-manager
            namespace: cattle-gatekeeper-system
            patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'

    Based on this summary, there are three objects which need to be patched.

    We will look at these one at a time.

    1. ValidatingWebhookConfiguration:​

    The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec.

    In cases where more than one element in the field requires a patch, that patch will refer these to as $setElementOrder/ELEMENTNAME

    From this information, we can see the two ValidatingWebhooks in question are:

      "$setElementOrder/webhooks": [
        {
          "name": "validation.gatekeeper.sh"
        },
        {
          "name": "check-ignore-label.gatekeeper.sh"
        }
      ],

    Within each ValidatingWebhook, the fields that need to be ignore are as follows:

        {
          "clientConfig": {
            "caBundle": "Cg=="
          },
          "name": "validation.gatekeeper.sh",
          "rules": [
            {
              "apiGroups": [
                "*"
              ],
              "apiVersions": [
                "*"
              ],
              "operations": [
                "CREATE",
                "UPDATE"
              ],
              "resources": [
                "*"
              ]
            }
          ]
        },

    and 

        {
         "clientConfig": {
           "caBundle": "Cg=="
         },
         "name": "check-ignore-label.gatekeeper.sh",
         "rules": [
           {
             "apiGroups": [
               ""
             ],
             "apiVersions": [
               "*"
             ],
             "operations": [
               "CREATE",
               "UPDATE"
             ],
             "resources": [
               "namespaces"
             ]
           }
         ]
       }

    In summary, we need to ignore the fields rules and clientConfig.caBundle in our patch specification.

    The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values.

    Based on this information, our diff patch would look as follows:

      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        operations:
        - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/0/rules"}
        - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/1/rules"}

    2. Deployment gatekeeper-controller-manager:​

    The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle).

    {
      "spec": {
        "template": {
          "spec": {
            "$setElementOrder/containers": [
              {
                "name": "manager"
              }
            ],
            "containers": [
              {
                "name": "manager",
                "resources": {
                  "limits": {
                    "cpu": "1000m"
                  }
                }
              }
            ],
            "tolerations": []
          }
        }
      }
    }

    In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added.

    Based on this information, our diff patch would look as follows:

      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}

    3. Deployment gatekeeper-audit:​

    The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied.

    {
      "spec": {
        "template": {
          "spec": {
            "$setElementOrder/containers": [
              {
                "name": "manager"
              }
            ],
            "containers": [
              {
                "name": "manager",
                "resources": {
                  "limits": {
                    "cpu": "1000m"
                  }
                }
              }
            ],
            "tolerations": []
          }
        }
      }
    }

    Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added.

    Based on this information, our diff patch would look as follows:

      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}

    Combining It All Together​

    We can now combine all these patches as follows:

    diff:
      comparePatches:
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}
      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        operations:
        - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/0/rules"}
        - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/1/rules"}

    We can add these now to the bundle directly to test and also commit the same to the fleet.yaml in your GitRepo.

    Once these are added, the GitRepo should deploy and be in "Active" status.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +

    Fleet bundles support the ability to specify a custom jsonPointer patch.

    With the patch, users can instruct fleet to ignore object modifications.

    In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters.

    The opa-gatekeeper bundle associated with the opa GitRepo is in modified state.

    Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status.

    In our case the differences detected are as follows:

      summary:
        desiredReady: 1
        modified: 1
        nonReadyResources:
        - bundleState: Modified
          modifiedStatus:
          - apiVersion: admissionregistration.k8s.io/v1
            kind: ValidatingWebhookConfiguration
            name: gatekeeper-validating-webhook-configuration
            patch: '{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}'
          - apiVersion: apps/v1
            kind: Deployment
            name: gatekeeper-audit
            namespace: cattle-gatekeeper-system
            patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'
          - apiVersion: apps/v1
            kind: Deployment
            name: gatekeeper-controller-manager
            namespace: cattle-gatekeeper-system
            patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'

    Based on this summary, there are three objects which need to be patched.

    We will look at these one at a time.

    1. ValidatingWebhookConfiguration:​

    The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec.

    In cases where more than one element in the field requires a patch, that patch will refer these to as $setElementOrder/ELEMENTNAME

    From this information, we can see the two ValidatingWebhooks in question are:

      "$setElementOrder/webhooks": [
        {
          "name": "validation.gatekeeper.sh"
        },
        {
          "name": "check-ignore-label.gatekeeper.sh"
        }
      ],

    Within each ValidatingWebhook, the fields that need to be ignore are as follows:

        {
          "clientConfig": {
            "caBundle": "Cg=="
          },
          "name": "validation.gatekeeper.sh",
          "rules": [
            {
              "apiGroups": [
                "*"
              ],
              "apiVersions": [
                "*"
              ],
              "operations": [
                "CREATE",
                "UPDATE"
              ],
              "resources": [
                "*"
              ]
            }
          ]
        },

    and 

        {
         "clientConfig": {
           "caBundle": "Cg=="
         },
         "name": "check-ignore-label.gatekeeper.sh",
         "rules": [
           {
             "apiGroups": [
               ""
             ],
             "apiVersions": [
               "*"
             ],
             "operations": [
               "CREATE",
               "UPDATE"
             ],
             "resources": [
               "namespaces"
             ]
           }
         ]
       }

    In summary, we need to ignore the fields rules and clientConfig.caBundle in our patch specification.

    The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values.

    Based on this information, our diff patch would look as follows:

      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        operations:
        - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/0/rules"}
        - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/1/rules"}

    2. Deployment gatekeeper-controller-manager:​

    The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle).

    {
      "spec": {
        "template": {
          "spec": {
            "$setElementOrder/containers": [
              {
                "name": "manager"
              }
            ],
            "containers": [
              {
                "name": "manager",
                "resources": {
                  "limits": {
                    "cpu": "1000m"
                  }
                }
              }
            ],
            "tolerations": []
          }
        }
      }
    }

    In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added.

    Based on this information, our diff patch would look as follows:

      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}

    3. Deployment gatekeeper-audit:​

    The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied.

    {
      "spec": {
        "template": {
          "spec": {
            "$setElementOrder/containers": [
              {
                "name": "manager"
              }
            ],
            "containers": [
              {
                "name": "manager",
                "resources": {
                  "limits": {
                    "cpu": "1000m"
                  }
                }
              }
            ],
            "tolerations": []
          }
        }
      }
    }

    Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added.

    Based on this information, our diff patch would look as follows:

      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}

    Combining It All Together​

    We can now combine all these patches as follows:

    diff:
      comparePatches:
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}
      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        operations:
        - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/0/rules"}
        - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/1/rules"}

    We can add these now to the bundle directly to test and also commit the same to the fleet.yaml in your GitRepo.

    Once these are added, the GitRepo should deploy and be in "Active" status.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/cli/fleet-agent.html b/cli/fleet-agent.html index dd617e6fe..a2453b542 100644 --- a/cli/fleet-agent.html +++ b/cli/fleet-agent.html @@ -4,13 +4,13 @@ Fleet - +
    -
    Version: Next 🚧

    fleet-agent​

    fleet-agent [flags]

    Options​

          --agent-scope string        An identifier used to scope the agent bundleID names, typically the same as namespace
          --checkin-interval string   How often to post cluster status
          --debug                     Turn on debug logging
          --debug-level int           If debugging is enabled, set klog -v=X
      -h, --help                      help for fleet-agent
          --kubeconfig string         kubeconfig file
          --namespace string          namespace to watch
          --simulators int            Numbers of simulators to run
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Version: Next 🚧

    fleet-agent​

    fleet-agent [flags]

    Options​

          --agent-scope string        An identifier used to scope the agent bundleID names, typically the same as namespace
          --checkin-interval string   How often to post cluster status
          --debug                     Turn on debug logging
          --debug-level int           If debugging is enabled, set klog -v=X
      -h, --help                      help for fleet-agent
          --kubeconfig string         kubeconfig file
          --namespace string          namespace to watch
          --simulators int            Numbers of simulators to run
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/cli/fleet-cli/fleet.html b/cli/fleet-cli/fleet.html index 172aedd5f..42af76203 100644 --- a/cli/fleet-cli/fleet.html +++ b/cli/fleet-cli/fleet.html @@ -4,13 +4,13 @@ Fleet - +
    -
    Version: Next 🚧

    fleet​

    fleet [flags]

    Options​

          --context string            kubeconfig context for authentication
          --debug                     Turn on debug logging
          --debug-level int           If debugging is enabled, set klog -v=X
      -h, --help                      help for fleet
      -k, --kubeconfig string         kubeconfig for authentication
      -n, --namespace string          namespace (default "fleet-local")
          --system-namespace string   System namespace of the controller (default "cattle-fleet-system")

    SEE ALSO​

    • fleet apply - Render a bundle into a Kubernetes resource and apply it in the Fleet Manager
    • fleet test - Match a bundle to a target and render the output
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Version: Next 🚧

    fleet​

    fleet [flags]

    Options​

          --context string            kubeconfig context for authentication
          --debug                     Turn on debug logging
          --debug-level int           If debugging is enabled, set klog -v=X
      -h, --help                      help for fleet
      -k, --kubeconfig string         kubeconfig for authentication
      -n, --namespace string          namespace (default "fleet-local")
          --system-namespace string   System namespace of the controller (default "cattle-fleet-system")

    SEE ALSO​

    • fleet apply - Render a bundle into a Kubernetes resource and apply it in the Fleet Manager
    • fleet test - Match a bundle to a target and render the output
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/cli/fleet-cli/fleet_apply.html b/cli/fleet-cli/fleet_apply.html index 8b8653194..e42a17363 100644 --- a/cli/fleet-cli/fleet_apply.html +++ b/cli/fleet-cli/fleet_apply.html @@ -4,13 +4,13 @@ Fleet - +
    -
    Version: Next 🚧

    fleet apply​

    Render a bundle into a Kubernetes resource and apply it in the Fleet Manager

    fleet apply [flags] BUNDLE_NAME PATH...

    Options​

      -b, --bundle-file string           Location of the raw Bundle resource yaml
          --cacerts-file string          Path of custom cacerts for helm repo
          --commit string                Commit to assign to the bundle
      -c, --compress                     Force all resources to be compress
          --debug                        Turn on debug logging
          --debug-level int              If debugging is enabled, set klog -v=X
      -f, --file string                  Location of the fleet.yaml
      -h, --help                         help for apply
      -l, --label strings                Labels to apply to created bundles
      -o, --output string                Output contents to file or - for stdout
          --password-file string         Path of file containing basic auth password for helm repo
          --paused                       Create bundles in a paused state
      -a, --service-account string       Service account to assign to bundle created
          --ssh-privatekey-file string   Path of ssh-private-key for helm repo
          --sync-generation int          Generation number used to force sync the deployment
          --target-namespace string      Ensure this bundle goes to this target namespace
          --targets-file string          Addition source of targets and restrictions to be append
          --username string              Basic auth username for helm repo

    Options inherited from parent commands​

          --context string            kubeconfig context for authentication
      -k, --kubeconfig string         kubeconfig for authentication
      -n, --namespace string          namespace (default "fleet-local")
          --system-namespace string   System namespace of the controller (default "cattle-fleet-system")

    SEE ALSO​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Version: Next 🚧

    fleet apply​

    Render a bundle into a Kubernetes resource and apply it in the Fleet Manager

    fleet apply [flags] BUNDLE_NAME PATH...

    Options​

      -b, --bundle-file string           Location of the raw Bundle resource yaml
          --cacerts-file string          Path of custom cacerts for helm repo
          --commit string                Commit to assign to the bundle
      -c, --compress                     Force all resources to be compress
          --debug                        Turn on debug logging
          --debug-level int              If debugging is enabled, set klog -v=X
      -f, --file string                  Location of the fleet.yaml
      -h, --help                         help for apply
      -l, --label strings                Labels to apply to created bundles
      -o, --output string                Output contents to file or - for stdout
          --password-file string         Path of file containing basic auth password for helm repo
          --paused                       Create bundles in a paused state
      -a, --service-account string       Service account to assign to bundle created
          --ssh-privatekey-file string   Path of ssh-private-key for helm repo
          --sync-generation int          Generation number used to force sync the deployment
          --target-namespace string      Ensure this bundle goes to this target namespace
          --targets-file string          Addition source of targets and restrictions to be append
          --username string              Basic auth username for helm repo

    Options inherited from parent commands​

          --context string            kubeconfig context for authentication
      -k, --kubeconfig string         kubeconfig for authentication
      -n, --namespace string          namespace (default "fleet-local")
          --system-namespace string   System namespace of the controller (default "cattle-fleet-system")

    SEE ALSO​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/cli/fleet-cli/fleet_test.html b/cli/fleet-cli/fleet_test.html index f3e42afc1..8ac9d151e 100644 --- a/cli/fleet-cli/fleet_test.html +++ b/cli/fleet-cli/fleet_test.html @@ -4,13 +4,13 @@ Fleet - +
    -
    Version: Next 🚧

    fleet test​

    Match a bundle to a target and render the output

    fleet test [flags]

    Options​

      -b, --bundle-file string    Location of the raw Bundle resource yaml
          --debug                 Turn on debug logging
          --debug-level int       If debugging is enabled, set klog -v=X
      -f, --file string           Location of the fleet.yaml
      -g, --group string          Cluster group to match against
      -L, --group-label strings   Cluster group labels to match against
      -h, --help                  help for test
      -l, --label strings         Cluster labels to match against
      -N, --name string           Cluster name to match against
      -q, --quiet                 Just print the match and don't print the resources
      -t, --target string         Explicit target to match

    Options inherited from parent commands​

          --context string            kubeconfig context for authentication
      -k, --kubeconfig string         kubeconfig for authentication
      -n, --namespace string          namespace (default "fleet-local")
          --system-namespace string   System namespace of the controller (default "cattle-fleet-system")

    SEE ALSO​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Version: Next 🚧

    fleet test​

    Match a bundle to a target and render the output

    fleet test [flags]

    Options​

      -b, --bundle-file string    Location of the raw Bundle resource yaml
          --debug                 Turn on debug logging
          --debug-level int       If debugging is enabled, set klog -v=X
      -f, --file string           Location of the fleet.yaml
      -g, --group string          Cluster group to match against
      -L, --group-label strings   Cluster group labels to match against
      -h, --help                  help for test
      -l, --label strings         Cluster labels to match against
      -N, --name string           Cluster name to match against
      -q, --quiet                 Just print the match and don't print the resources
      -t, --target string         Explicit target to match

    Options inherited from parent commands​

          --context string            kubeconfig context for authentication
      -k, --kubeconfig string         kubeconfig for authentication
      -n, --namespace string          namespace (default "fleet-local")
          --system-namespace string   System namespace of the controller (default "cattle-fleet-system")

    SEE ALSO​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/cli/fleet-controller/fleet-manager.html b/cli/fleet-controller/fleet-manager.html index 3cdc39491..3c78b313d 100644 --- a/cli/fleet-controller/fleet-manager.html +++ b/cli/fleet-controller/fleet-manager.html @@ -4,13 +4,13 @@ Fleet - +
    -
    Version: Next 🚧

    fleet-manager​

    fleet-manager [flags]

    Options​

          --debug               Turn on debug logging
          --debug-level int     If debugging is enabled, set klog -v=X
          --disable-bootstrap   disable local cluster components
          --disable-gitops      disable gitops components
      -h, --help                help for fleet-manager
          --kubeconfig string   Kubeconfig file
          --namespace string    namespace to watch (default "cattle-fleet-system")
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Version: Next 🚧

    fleet-manager​

    fleet-manager [flags]

    Options​

          --debug               Turn on debug logging
          --debug-level int     If debugging is enabled, set klog -v=X
          --disable-bootstrap   disable local cluster components
          --disable-gitops      disable gitops components
      -h, --help                help for fleet-manager
          --kubeconfig string   Kubeconfig file
          --namespace string    namespace to watch (default "cattle-fleet-system")
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/cluster-bundles-state.html b/cluster-bundles-state.html index ef790bc09..abfb506d9 100644 --- a/cluster-bundles-state.html +++ b/cluster-bundles-state.html @@ -4,13 +4,13 @@ Cluster and Bundle State | Fleet - +
    -
    Version: Next 🚧

    Cluster and Bundle State

    Clusters and Bundles have different states in each phase of applying Bundles.

    Bundles​

    Ready: Bundles have been deployed and all resources are ready.

    NotReady: Bundles have been deployed and some resources are not ready.

    WaitApplied: Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed.

    ErrApplied: Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle.

    OutOfSync: Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet.

    Pending: Bundles are being processed by Fleet controller.

    Modified: Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository.

    Clusters​

    WaitCheckIn: Waiting for agent to report registration information and cluster status back.

    NotReady: There are bundles in this cluster that are in NotReady state.

    WaitApplied: There are bundles in this cluster that are in WaitApplied state.

    ErrApplied: There are bundles in this cluster that are in ErrApplied state.

    OutOfSync: There are bundles in this cluster that are in OutOfSync state.

    Pending: There are bundles in this cluster that are in Pending state.

    Modified: There are bundles in this cluster that are in Modified state.

    Ready: Bundles in this cluster have been deployed and all resources are ready.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Version: Next 🚧

    Cluster and Bundle State

    Clusters and Bundles have different states in each phase of applying Bundles.

    Bundles​

    Ready: Bundles have been deployed and all resources are ready.

    NotReady: Bundles have been deployed and some resources are not ready.

    WaitApplied: Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed.

    ErrApplied: Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle.

    OutOfSync: Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet.

    Pending: Bundles are being processed by Fleet controller.

    Modified: Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository.

    Clusters​

    WaitCheckIn: Waiting for agent to report registration information and cluster status back.

    NotReady: There are bundles in this cluster that are in NotReady state.

    WaitApplied: There are bundles in this cluster that are in WaitApplied state.

    ErrApplied: There are bundles in this cluster that are in ErrApplied state.

    OutOfSync: There are bundles in this cluster that are in OutOfSync state.

    Pending: There are bundles in this cluster that are in Pending state.

    Modified: There are bundles in this cluster that are in Modified state.

    Ready: Bundles in this cluster have been deployed and all resources are ready.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/cluster-group.html b/cluster-group.html index 14f421f4a..be613c505 100644 --- a/cluster-group.html +++ b/cluster-group.html @@ -4,7 +4,7 @@ Cluster Groups | Fleet - + @@ -13,8 +13,8 @@ The only parameter for a cluster group is essentially the selector. When you get to a certain scale cluster groups become a more reasonable way to manage your clusters. Cluster groups serve the purpose of giving aggregated -status of the deployments and then also a simpler way to manage targets.

    A cluster group is created by creating a ClusterGroup resource like below

    kind: ClusterGroup
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: production-group
      namespace: clusters
    spec:
      # This is the standard metav1.LabelSelector format to match clusters by labels
      selector:
        matchLabels:
          env: prod
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +status of the deployments and then also a simpler way to manage targets.

    A cluster group is created by creating a ClusterGroup resource like below

    kind: ClusterGroup
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: production-group
      namespace: clusters
    spec:
      # This is the standard metav1.LabelSelector format to match clusters by labels
      selector:
        matchLabels:
          env: prod
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/cluster-overview.html b/cluster-overview.html index 3aa892344..5c5f2068f 100644 --- a/cluster-overview.html +++ b/cluster-overview.html @@ -4,7 +4,7 @@ Overview | Fleet - + @@ -24,8 +24,8 @@ manager must be able to communicate with the downstream cluster API server for t After the cluster is registered there is no further need for the manager to contact the downstream cluster API. This style is more compatible if you wish to manage the creation of all your Kubernetes clusters through GitOps using something like cluster-api -or Rancher.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +or Rancher.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/cluster-tokens.html b/cluster-tokens.html index 967721939..efe0a3e2a 100644 --- a/cluster-tokens.html +++ b/cluster-tokens.html @@ -4,7 +4,7 @@ Cluster Registration Tokens | Fleet - + @@ -26,8 +26,8 @@ are used in Fleet refer to the documentation on namespaces token with the below YAML.

    kind: ClusterRegistrationToken
    apiVersion: "fleet.cattle.io/v1alpha1"
    metadata:
        name: new-token
        namespace: clusters
    spec:
        # A duration string for how long this token is valid for. A value <= 0 or null means infinite time.
        ttl: 240h

    After the ClusterRegistrationToken is created, Fleet will create a corresponding Secret with the same name. As the Secret creation is performed asynchronously, you will need to wait until it's available before using it.

    One way to do so is via the following one-liner:

    while ! kubectl --namespace=clusters  get secret new-token; do sleep 5; done

    Obtaining Token Value (Agent values.yaml)​

    The token value contains YAML content for a values.yaml file that is expected to be passed to helm install to install the Fleet agent on a downstream cluster.

    Such value is contained in the values field of the Secret mentioned above. To obtain the YAML content for the -above example one can run the following one-liner:

    kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml

    Once the values.yaml is ready it can be used repeatedly by clusters to register until the TTL expires.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +above example one can run the following one-liner:

    kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml

    Once the values.yaml is ready it can be used repeatedly by clusters to register until the TTL expires.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/concepts.html b/concepts.html index a0f95fcb8..17cf636db 100644 --- a/concepts.html +++ b/concepts.html @@ -4,7 +4,7 @@ Core Concepts | Fleet - + @@ -24,8 +24,8 @@ Regardless of the source the contents are dynamically rendered into a Helm chart and installed into the downstream cluster as a helm release.

    • To see the lifecycle of a bundle, click here.

  • BundleDeployment: When a Bundle is deployed to a cluster an instance of a Bundle is called a BundleDeployment. A BundleDeployment represents the state of that Bundle on a specific cluster with its cluster specific customizations. The Fleet agent is only aware of BundleDeployment resources that are created for -the cluster the agent is managing.

    • For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click here.

  • Downstream Cluster: Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.

  • Cluster Registration Token: Tokens used by agents to register a new cluster.

    • Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +the cluster the agent is managing.

    • For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click here.

  • Downstream Cluster: Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.

  • Cluster Registration Token: Tokens used by agents to register a new cluster.

    • Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/examples.html b/examples.html index 7fe5eb0c1..98c3f35b2 100644 --- a/examples.html +++ b/examples.html @@ -4,14 +4,14 @@ Examples | Fleet - +
    Version: Next 🚧

    Examples

    Lifecycle of a Fleet Bundle​

    To demonstrate the lifecycle of a Fleet bundle, we will use multi-cluster/helm as a case study.

    1. User will create a GitRepo that points to the multi-cluster/helm repository.
    2. The gitjob-controller will sync changes from the GitRepo and detect changes from the polling or webhook event. With every commit change, the gitjob-controller will create a job that clones the git repository, reads content from the repo such as fleet.yaml and other manifests, and creates the Fleet bundle.

    Note: The job pod with the image name rancher/tekton-utils will be under the same namespace as the GitRepo.

    1. The fleet-controller then syncs changes from the bundle. According to the targets, the fleet-controller will create BundleDeployment resources, which are a combination of a bundle and a target cluster.
    2. The fleet-agent will then pull the BundleDeployment from the Fleet controlplane. The agent deploys bundle manifests as a Helm chart from the BundleDeployment into the downstream clusters.
    3. The fleet-agent will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.

    Deploy Kubernetes Manifests Across Clusters with Customization​

    Fleet in Rancher allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration.

    To demonstrate how to deploy Kubernetes manifests across different clusters using Fleet, we will use multi-cluster/helm/fleet.yaml as a case study.

    Situation: User has three clusters with three different labels: env=dev, env=test, and env=prod. User wants to deploy a frontend application with a backend database across these clusters.

    Expected behavior:

    • After deploying to the dev cluster, database replication is not enabled.
    • After deploying to the test cluster, database replication is enabled.
    • After deploying to the prod cluster, database replication is enabled and Load balancer services are exposed.

    Advantage of Fleet:

    Instead of deploying the app on each cluster, Fleet allows you to deploy across all clusters following these steps:

    1. Deploy gitRepo https://github.com/rancher/fleet-examples.git and specify the path multi-cluster/helm.
    2. Under multi-cluster/helm, a Helm chart will deploy the frontend app service and backend database service.
    3. The following rule will be defined in fleet.yaml: 
    targetCustomizations:
    - name: dev
      helm:
        values:
          replication: false
      clusterSelector:
        matchLabels:
          env: dev

    - name: test
      helm:
        values:
          replicas: 3
      clusterSelector:
        matchLabels:
          env: test

    - name: prod
      helm:
        values:
          serviceType: LoadBalancer
          replicas: 3
      clusterSelector:
        matchLabels:
          env: prod

    Result:

    Fleet will deploy the Helm chart with your customized values.yaml to the different clusters.

    Note: Configuration management is not limited to deployments but can be expanded to general configuration management. Fleet is able to apply configuration management through customization among any set of clusters automatically.

    Additional Examples​

    Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations -of the three are in the Fleet Examples repo.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +of the three are in the Fleet Examples repo.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/gitrepo-add.html b/gitrepo-add.html index 52474a989..e9f92965c 100644 --- a/gitrepo-add.html +++ b/gitrepo-add.html @@ -4,7 +4,7 @@ Adding a GitRepo | Fleet - + @@ -12,8 +12,8 @@
    Version: Next 🚧

    Adding a GitRepo

    Proper namespace​

    Git repos are added to the Fleet manager using the GitRepo custom resource type. The GitRepo type is namespaced. By default, Rancher will create two Fleet workspaces: fleet-default and fleet-local.

    • Fleet-default will contain all the downstream clusters that are already registered through Rancher.
    • Fleet-local will contain the local cluster by default.

    Users can create new workspaces and move clusters across workspaces. An example of a special case might be including the local cluster in the GitRepo payload for config maps and secrets (no active deployments or payloads).

    danger

    While it's possible to move clusters out of either workspace, we recommend that you keep the local cluster in fleet-local.

    If you are using Fleet in a single cluster style, the namespace will always be fleet-local. Check here for more on the fleet-local namespace.

    For a multi-cluster style, please ensure you use the correct repo that will map to the right target clusters.

    Create GitRepo instance​

    Git repositories are register by creating a GitRepo following the below YAML sample. Refer to the inline comments as the means of each field

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      # Any name can be used here
      name: my-repo
      # For single cluster use fleet-local, otherwise use the namespace of
      # your choosing
      namespace: fleet-local
    spec:
      # This can be a HTTPS or git URL.  If you are using a git URL then
      # clientSecretName will probably need to be set to supply a credential.
      # repo is the only required parameter for a repo to be monitored.
      #
      repo: https://github.com/rancher/fleet-examples

      # Enforce all resources go to this target namespace. If a cluster scoped
      # resource is found the deployment will fail.
      #
      # targetNamespace: app1

      # Any branch can be watched, this field is optional. If not specified the
      # branch is assumed to be master
      #
      # branch: master

      # A specific commit or tag can also be watched.
      #
      # revision: v0.3.0

      # For a private registry you must supply a clientSecretName. A default
      # secret can be set at the namespace level using the GitRepoRestriction
      # type. Secrets must be of the type "kubernetes.io/ssh-auth" or
      # "kubernetes.io/basic-auth". The secret is assumed to be in the
      # same namespace as the GitRepo
      #
      # clientSecretName: my-ssh-key
      #
      # If fleet.yaml contains a private Helm repo that requires authentication,
      # provide the credentials in a K8s secret and specify them here.
      # Danger: the credentials will be sent to all repositories referenced from
      # this gitrepo. See section below for more information.
      #
      # helmSecretName: my-helm-secret
      # 
      # Helm credentials from helmSecretName will be used if the helm repository url matches this regular expression. 
      # Credentials will always be used if it is empty or not provided
      # 
      # helmRepoUrlRegex: https://charts.rancher.io/*
      #
      # To add additional ca-bundle for self-signed certs, caBundle can be
      # filled with base64 encoded pem data. For example:
      # `cat /path/to/ca.pem | base64 -w 0`
      #
      # caBundle: my-ca-bundle
      #
      # Disable SSL verification for git repo
      #
      # insecureSkipTLSVerify: true
      #
      # A git repo can read multiple paths in a repo at once.
      # The below field is expected to be an array of paths and
      # supports path globbing (ex: some/*/path)
      #
      # Example:
      # paths:
      # - single-path
      # - multiple-paths/*
      paths:
      - simple

      # PollingInterval configures how often fleet checks the git repo. The default
      # is 15 seconds.
      # Setting this to zero does not disable polling. It results in a 15s
      # interval, too.
      #
      # pollingInterval: 15

      # Paused  causes changes in Git to not be propagated down to the clusters but
      # instead mark resources as OutOfSync
      #
      # paused: false

      # Increment this number to force a redeployment of contents from Git
      #
      # forceSyncGeneration: 0

      # The service account that will be used to perform this deployment.
      # This is the name of the service account that exists in the
      # downstream cluster in the cattle-fleet-system namespace. It is assumed
      # this service account already exists so it should be create before
      # hand, most likely coming from another git repo registered with
      # the Fleet manager.
      #
      # serviceAccount: moreSecureAccountThanClusterAdmin

      # Target clusters to deploy to if running Fleet in a multi-cluster
      # style. Refer to the "Mapping to Downstream Clusters" docs for
      # more information.
      #
      # targets: ...

    Adding Private Git Repository​

    Fleet supports both http and ssh auth key for private repository. To use this you have to create a secret in the same namespace.

    For example, to generate a private ssh key

    ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"

    Note: The private key format has to be in EC PRIVATE KEY, RSA PRIVATE KEY or PRIVATE KEY and should not contain a passphase.

    Put your private key into secret, use the namespace the GitRepo is in:

    kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key  --type=kubernetes.io/ssh-auth
    caution

    Private key with passphrase is not supported.

    caution

    The key has to be in PEM format.

    Fleet supports putting known_hosts into ssh secret. Here is an example of how to add it:

    Fetch the public key hash(take github as an example)

    ssh-keyscan -H github.com

    And add it into secret:

    apiVersion: v1
    kind: Secret
    metadata:
      name: ssh-key
    type: kubernetes.io/ssh-auth
    stringData:
      ssh-privatekey: <private-key>
      known_hosts: |-
        |1|YJr1VZoi6dM0oE+zkM0do3Z04TQ=|7MclCn1fLROZG+BgR4m1r8TLwWc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
    danger

    If you don't add it any server's public key will be trusted and added. (ssh -o stricthostkeychecking=accept-new will be used)

    info

    If you are using openssh format for the private key and you are creating it in the UI, make sure a carriage return is appended in the end of the private key.

    Using HTTP Auth​

    Create a secret containing username and password. You can replace the password with a personal access token if necessary. Also see HTTP secrets in Github.

    kubectl create secret generic basic-auth-secret -n fleet-default --type=kubernetes.io/basic-auth --from-literal=username=$user --from-literal=password=$pat

    Just like with SSH, reference the secret in your GitRepo resource via clientSecretName.

    spec:
      repo: https://github.com/fleetrepoci/gitjob-private.git
      branch: main
      clientSecretName: basic-auth-secret

    Using Private Helm Repositories​

    danger

    The credentials will be used unconditionally for all Helm repositories referenced by the gitrepo resource. Make sure you don't leak credentials by mixing public and private repositories. Split them into different gitrepos, or use -helmRepoUrlRegex to limit the scope of credentials to certain servers.

    For a private Helm repo, users can reference a secret with the following keys:

    1. username and password for basic http auth if the Helm HTTP repo is behind basic auth.

    2. cacerts for custom CA bundle if the Helm repo is using a custom CA.

    3. ssh-privatekey for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently.

    For example, to add a secret in kubectl, run

    kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem

    After secret is created, specify the secret to gitRepo.spec.helmSecretName. Make sure secret is created under the same namespace with gitrepo.

    note

    If you are using "rancher-backups" and want this secret to be included the backup, please add the label resources.cattle.io/backup: true to the secret. In that case, make sure to encrypt the backup to protect sensitive credentials.

    Troubleshooting

    See Fleet Troubleshooting section here.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +helmRepoUrlRegex to limit the scope of credentials to certain servers.

    For a private Helm repo, users can reference a secret with the following keys:

    1. username and password for basic http auth if the Helm HTTP repo is behind basic auth.

    2. cacerts for custom CA bundle if the Helm repo is using a custom CA.

    3. ssh-privatekey for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently.

    For example, to add a secret in kubectl, run

    kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem

    After secret is created, specify the secret to gitRepo.spec.helmSecretName. Make sure secret is created under the same namespace with gitrepo.

    note

    If you are using "rancher-backups" and want this secret to be included the backup, please add the label resources.cattle.io/backup: true to the secret. In that case, make sure to encrypt the backup to protect sensitive credentials.

    Troubleshooting

    See Fleet Troubleshooting section here.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/gitrepo-structure.html b/gitrepo-structure.html index 94b042250..1e2938911 100644 --- a/gitrepo-structure.html +++ b/gitrepo-structure.html @@ -4,7 +4,7 @@ Expected Repo Structure | Fleet - + @@ -43,8 +43,8 @@ the contents a file the convention of adding _patch. (notice the tr will be replaced with . from the file name and that will be used as the target. For example deployment_patch.yaml will target deployment.yaml. The patch will be applied using JSON Merge, Strategic Merge Patch, or JSON Patch. Which strategy is used is based on the file content. Even though JSON strategies are used, the files can be written -using YAML syntax.

    Cluster and Bundle state​

    See Cluster and Bundle state.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +using YAML syntax.

    Cluster and Bundle state​

    See Cluster and Bundle state.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/gitrepo-targets.html b/gitrepo-targets.html index 639744444..6c612d00f 100644 --- a/gitrepo-targets.html +++ b/gitrepo-targets.html @@ -4,7 +4,7 @@ Mapping to Downstream Clusters | Fleet - + @@ -18,8 +18,8 @@ One can use cluster selectors, cluster group selectors, or an explicit cluster g the final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the default value it is dropped from the criteria. The default value is either null or "". It is important to realize that the value {} for a selector means "match everything."

    # Match everything
    clusterSelector: {}
    # Selector ignored
    clusterSelector: null

    Default target​

    If no target is set for the GitRepo then the default targets value is applied. The default targets value is as below.

    targets:
    - name: default
      clusterGroup: default

    This means if you wish to setup a default location non-configured GitRepos will go to, then just create a cluster group called default -and add clusters to it.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +and add clusters to it.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/imagescan.html b/imagescan.html index 127dd6afc..132544125 100644 --- a/imagescan.html +++ b/imagescan.html @@ -4,15 +4,15 @@ Image scan | Fleet - +
    Version: Next 🚧

    Image scan

    Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository, without the need to manually update your manifests.

    caution

    This feature is considered as experimental feature.

    Go to fleet.yaml and add the following section.

    imageScans:
    # specify the policy to retrieve images, can be semver or alphabetical order 
    - policy: 
        # if range is specified, it will take the latest image according to semver order in the range
        # for more details on how to use semver, see https://github.com/Masterminds/semver
        semver: 
          range: "*" 
        # can use ascending or descending order
        alphabetical:
          order: asc 

      # specify images to scan
      image: "your.registry.com/repo/image" 

      # Specify the tag name, it has to be unique in the same bundle
      tagName: test-scan

      # specify secret to pull image if in private registry
      secretRef:
        name: dockerhub-secret 

      # Specify the scan interval
      interval: 5m
    info

    You can create multiple image scans in fleet.yaml.

    Go to your manifest files and update the field that you want to replace. For example:

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: redis-slave
    spec:
      selector:
        matchLabels:
          app: redis
          role: slave
          tier: backend
      replicas: 2
      template:
        metadata:
          labels:
            app: redis
            role: slave
            tier: backend
        spec:
          containers:
          - name: slave
            image: <image>:<tag> # {"$imagescan": "test-scan"}
            resources:
              requests:
                cpu: 100m
                memory: 100Mi
            ports:
            - containerPort: 6379
    note

    There are multiple form of tagName you can reference. For example

    {"$imagescan": "test-scan"}: Use full image name(foo/bar:tag)

    {"$imagescan": "test-scan:name"}: Only use image name without tag(foo/bar)

    {"$imagescan": "test-scan:tag"}: Only use image tag

    {"$imagescan": "test-scan:digest"}: Use full image name with digest(foo/bar:tag@sha256...)

    Create a GitRepo that includes your fleet.yaml

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: my-repo
      namespace: fleet-local
    spec:
      # change this to be your own repo
      repo: https://github.com/rancher/fleet-examples 
      # define how long it will sync all the images and decide to apply change
      imageScanInterval: 5m 
      # user must properly provide a secret that have write access to git repository
      clientSecretName: secret 
      # specify the commit pattern
      imageScanCommit:
        authorName: foo
        authorEmail: foo@bar.com
        messageTemplate: "update image"

    Try pushing a new image tag, for example, <image>:<new-tag>. Wait for a while and there should be a new commit pushed into your git repository to change tag in deployment.yaml. -Once change is made into git repository, fleet will read through the change and deploy the change into your cluster.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +Once change is made into git repository, fleet will read through the change and deploy the change into your cluster.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/index.html b/index.html index 15b6dda71..d199e34a3 100644 --- a/index.html +++ b/index.html @@ -4,13 +4,13 @@ Overview | Fleet - +
    -
    Version: Next 🚧

    Overview

    What is Fleet?​

    • Cluster engine: Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through GitOps. Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.

    • Deployment management: Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users have a high degree of control, consistency, and auditability.

    Configuration Management​

    Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Version: Next 🚧

    Overview

    What is Fleet?​

    • Cluster engine: Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through GitOps. Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.

    • Deployment management: Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users have a high degree of control, consistency, and auditability.

    Configuration Management​

    Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/installation.html b/installation.html index afde740ed..06edfecaa 100644 --- a/installation.html +++ b/installation.html @@ -4,7 +4,7 @@ Installation | Fleet - + @@ -13,8 +13,8 @@ Multi-Cluster install. The single cluster install is for if you wish to use GitOps to manage a single cluster, in which case you do not need a centralized manager cluster. In the multi-cluster use case you will setup a centralized manager cluster to which you can register clusters.

    If you are just learning Fleet the single cluster install is the recommended starting -point. After which you can move from single cluster to multi-cluster setup down the line.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +point. After which you can move from single cluster to multi-cluster setup down the line.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/manager-initiated.html b/manager-initiated.html index 3f45fdc63..75c060edb 100644 --- a/manager-initiated.html +++ b/manager-initiated.html @@ -4,7 +4,7 @@ Manager Initiated | Fleet - + @@ -15,8 +15,8 @@ of the kubeconfig secret used in cluster-api. This means you can use cluster-api to create a cluster that is dynamically -registered with Fleet.

    Example​

    Kubeconfig Secret​

    kind: Secret
    apiVersion: v1
    metadata:
      name: my-cluster-kubeconfig
      namespace: clusters
    data:
      value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==

    Cluster​

    apiVersion: fleet.cattle.io/v1alpha1
    kind: Cluster
    metadata:
      name: my-cluster
      namespace: clusters
      labels:
        demo: "true"
        env: dev
    spec:
      kubeConfigSecret: my-cluster-kubeconfig
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +registered with Fleet.

    Example​

    Kubeconfig Secret​

    kind: Secret
    apiVersion: v1
    metadata:
      name: my-cluster-kubeconfig
      namespace: clusters
    data:
      value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==

    Cluster​

    apiVersion: fleet.cattle.io/v1alpha1
    kind: Cluster
    metadata:
      name: my-cluster
      namespace: clusters
      labels:
        demo: "true"
        env: dev
    spec:
      kubeConfigSecret: my-cluster-kubeconfig
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/multi-cluster-install.html b/multi-cluster-install.html index e1787c81c..aa92c1bd9 100644 --- a/multi-cluster-install.html +++ b/multi-cluster-install.html @@ -4,7 +4,7 @@ Multi Cluster Install | Fleet - + @@ -34,9 +34,9 @@ well known CA then omit the --cacert ${API_SERVER_CA} part of the c only because the curl command is not setting proper credentials, but this validates that the TLS connection work and the ca.pem is correct for this URL. If you get a SSL certificate problem then the ca.pem is not correct. The contents of the ${API_SERVER_CA} file should look similar to the below

    -----BEGIN CERTIFICATE-----
    MIIBVjCB/qADAgECAgEAMAoGCCqGSM49BAMCMCMxITAfBgNVBAMMGGszcy1zZXJ2
    ZXItY2FAMTU5ODM5MDQ0NzAeFw0yMDA4MjUyMTIwNDdaFw0zMDA4MjMyMTIwNDda
    MCMxITAfBgNVBAMMGGszcy1zZXJ2ZXItY2FAMTU5ODM5MDQ0NzBZMBMGByqGSM49
    AgEGCCqGSM49AwEHA0IABDXlQNkXnwUPdbSgGz5Rk6U9ldGFjF6y1YyF36cNGk4E
    0lMgNcVVD9gKuUSXEJk8tzHz3ra/+yTwSL5xQeLHBl+jIzAhMA4GA1UdDwEB/wQE
    AwICpDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIFMtZ5gGDoDs
    ciRyve+T4xbRNVHES39tjjup/LuN4tAgAiAteeB3jgpTMpZyZcOOHl9gpZ8PgEcN
    KDs/pb3fnMTtpA==
    -----END CERTIFICATE-----

    Once you have validated the API server URL and API server CA parameters, install the following two -Helm charts.

    First install the Fleet CustomResourcesDefintions.

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet-crd https://github.com/rancher/fleet/releases/download/v0.6.0-alpha2/fleet-crd-0.6.0-alpha2.tgz

    Second install the Fleet controllers.

    helm -n cattle-fleet-system install --create-namespace --wait \
        --set apiServerURL="${API_SERVER_URL}" \
        --set-file apiServerCA="${API_SERVER_CA}" \
        fleet https://github.com/rancher/fleet/releases/download/v0.6.0-alpha2/fleet-0.6.0-alpha2.tgz

    Fleet should be ready to use. You can check the status of the Fleet controller pods by running the below commands.

    kubectl -n cattle-fleet-system logs -l app=fleet-controller
    kubectl -n cattle-fleet-system get pods -l app=fleet-controller
    NAME                                READY   STATUS    RESTARTS   AGE
    fleet-controller-64f49d756b-n57wq   1/1     Running   0          3m21s

    At this point the Fleet manager should be ready. You can now register clusters and git repos with -the Fleet manager.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +Helm charts.

    First install the Fleet CustomResourcesDefintions.

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet-crd https://github.com/rancher/fleet/releases/download/v0.6.0-rc.4/fleet-crd-0.6.0-rc.4.tgz

    Second install the Fleet controllers.

    helm -n cattle-fleet-system install --create-namespace --wait \
        --set apiServerURL="${API_SERVER_URL}" \
        --set-file apiServerCA="${API_SERVER_CA}" \
        fleet https://github.com/rancher/fleet/releases/download/v0.6.0-rc.4/fleet-0.6.0-rc.4.tgz

    Fleet should be ready to use. You can check the status of the Fleet controller pods by running the below commands.

    kubectl -n cattle-fleet-system logs -l app=fleet-controller
    kubectl -n cattle-fleet-system get pods -l app=fleet-controller
    NAME                                READY   STATUS    RESTARTS   AGE
    fleet-controller-64f49d756b-n57wq   1/1     Running   0          3m21s

    At this point the Fleet manager should be ready. You can now register clusters and git repos with +the Fleet manager.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/multi-tenancy.html b/multi-tenancy.html index dee39523b..dd40a9dbf 100644 --- a/multi-tenancy.html +++ b/multi-tenancy.html @@ -4,15 +4,15 @@ Multi Tenancy | Fleet - +
    Version: Next 🚧

    Multi Tenancy

    Fleet uses Kubernetes RBAC where possible.

    One addition on top of RBAC is the GitRepoRestriction resource, which can be used to control GitRepo resources in a namespace.

    A multi-tenant fleet setup looks like this:

    • tenants don't share namespaces, each tenant has one or more namespaces on the upstream cluster, where they can create GitRepo resources
    • tenants can't deploy cluster wide resources and are limited to a set of -namespaces on downstream clusters
    • clusters are in a separate namespace

    Shared Clusters

    Example Tenant​

    This would create a user 'fleetuser', who can only manage GitRepo resources in the 'project1' namespace.

    kubectl create serviceaccount fleetuser
    kubectl create namespace project1
    kubectl create -n project1 role fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io
    kubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --role=fleetuser

    If we want to give access to multiple namespaces, we can use a single cluster role with two role bindings:

    kubectl create clusterrole fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io
    kubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser
    kubectl create -n project2 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser

    This makes sure, tenants can't interfere with GitRepo resources from other tenants, since they don't have access to their namespaces.

    Allow Access to Clusters​

    This assumes all GitRepos created by 'fleetuser' have the team: one label. Different labels could be used, to select different cluster namespaces.

    In each of the user's namespaces, as an admin create a BundleNamespaceMapping.

    kind: BundleNamespaceMapping
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: mapping
      namespace: project1

    # Bundles to match by label.
    # The labels are defined in the fleet.yaml # labels field or from the
    # GitRepo metadata.labels field
    bundleSelector:
      matchLabels:
        team: one
        # or target one repo
        #fleet.cattle.io/repo-name: simpleapp

    # Namespaces, containing clusters, to match by label
    namespaceSelector:
      matchLabels:
        kubernetes.io/metadata.name: fleet-default
        # the label is on the namespace
        #workspace: prod

    The target section in the GitRepo resource can be used to deploy only to a subset of the matched clusters.

    Restricting Access to Downstream Clusters​

    Admins can further restrict tenants by creating a GitRepoRestriction in each of their namespaces.

    kind: GitRepoRestriction
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: restriction
      namespace: project1

    allowedTargetNamespaces:
      - project1simpleapp

    This will deny the creation of cluster wide resources, which may interfere with other tenants and limit the deployment to the 'project1simpleapp' namespace.

    An Example GitRepo Resource​

    A GitRepo resource create by a tenant, without admin access could look like this:

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: simpleapp
      namespace: project1
      labels:
        team: one

    spec:
      repo: https://github.com/rancher/fleet-examples
      paths:
      - bundle-diffs

      targetNamespace: project1simpleapp

      # do not match the upstream/local cluster, won't work
      targets:
      - name: dev
        clusterSelector:
          matchLabels:
            env: dev

    This includes the team: one label and and the required targetNamespace.

    Together with the previous BundleNamespaceMapping it would target all clusters with a env: dev label in the 'fleet-default' namespace.

    note

    BundleNamespaceMappings do not work with local clusters, so make sure not to target them.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +namespaces on downstream clusters
  • clusters are in a separate namespace

    • Shared Clusters

    Example Tenant​

    This would create a user 'fleetuser', who can only manage GitRepo resources in the 'project1' namespace.

    kubectl create serviceaccount fleetuser
    kubectl create namespace project1
    kubectl create -n project1 role fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io
    kubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --role=fleetuser

    If we want to give access to multiple namespaces, we can use a single cluster role with two role bindings:

    kubectl create clusterrole fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io
    kubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser
    kubectl create -n project2 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser

    This makes sure, tenants can't interfere with GitRepo resources from other tenants, since they don't have access to their namespaces.

    Allow Access to Clusters​

    This assumes all GitRepos created by 'fleetuser' have the team: one label. Different labels could be used, to select different cluster namespaces.

    In each of the user's namespaces, as an admin create a BundleNamespaceMapping.

    kind: BundleNamespaceMapping
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: mapping
      namespace: project1

    # Bundles to match by label.
    # The labels are defined in the fleet.yaml # labels field or from the
    # GitRepo metadata.labels field
    bundleSelector:
      matchLabels:
        team: one
        # or target one repo
        #fleet.cattle.io/repo-name: simpleapp

    # Namespaces, containing clusters, to match by label
    namespaceSelector:
      matchLabels:
        kubernetes.io/metadata.name: fleet-default
        # the label is on the namespace
        #workspace: prod

    The target section in the GitRepo resource can be used to deploy only to a subset of the matched clusters.

    Restricting Access to Downstream Clusters​

    Admins can further restrict tenants by creating a GitRepoRestriction in each of their namespaces.

    kind: GitRepoRestriction
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: restriction
      namespace: project1

    allowedTargetNamespaces:
      - project1simpleapp

    This will deny the creation of cluster wide resources, which may interfere with other tenants and limit the deployment to the 'project1simpleapp' namespace.

    An Example GitRepo Resource​

    A GitRepo resource create by a tenant, without admin access could look like this:

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: simpleapp
      namespace: project1
      labels:
        team: one

    spec:
      repo: https://github.com/rancher/fleet-examples
      paths:
      - bundle-diffs

      targetNamespace: project1simpleapp

      # do not match the upstream/local cluster, won't work
      targets:
      - name: dev
        clusterSelector:
          matchLabels:
            env: dev

    This includes the team: one label and and the required targetNamespace.

    Together with the previous BundleNamespaceMapping it would target all clusters with a env: dev label in the 'fleet-default' namespace.

    note

    BundleNamespaceMappings do not work with local clusters, so make sure not to target them.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/namespaces.html b/namespaces.html index 5df1ea63d..3e9cb75a8 100644 --- a/namespaces.html +++ b/namespaces.html @@ -4,7 +4,7 @@ Namespaces | Fleet - + @@ -39,8 +39,8 @@ in an error state and won't be deployed.

    This can also be used to set If an allowedTargetNamespaces restriction is present, all GitRepos must specify a targetNamespace and the specified namespace must be in the allow list. -This also prevents the creation of cluster wide resources.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +This also prevents the creation of cluster wide resources.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/quickstart.html b/quickstart.html index 85b155e52..af0867279 100644 --- a/quickstart.html +++ b/quickstart.html @@ -4,15 +4,15 @@ Quick Start | Fleet - +
    Version: Next 🚧

    Quick Start

    Who needs documentation, lets just run this thing!

    Install​

    Get helm if you don't have it. Helm 3 is just a CLI and won't do bad insecure -things to your cluster.

    brew install helm

    Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet-crd https://github.com/rancher/fleet/releases/download/v0.6.0-alpha2/fleet-crd-0.6.0-alpha2.tgz
    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet https://github.com/rancher/fleet/releases/download/v0.6.0-alpha2/fleet-0.6.0-alpha2.tgz

    Add a Git Repo to watch​

    Change spec.repo to your git repo of choice. Kubernetes manifest files that should -be deployed should be in /manifests in your repo.

    cat > example.yaml << "EOF"
    apiVersion: fleet.cattle.io/v1alpha1
    kind: GitRepo
    metadata:
      name: sample
      # This namespace is special and auto-wired to deploy to the local cluster
      namespace: fleet-local
    spec:
      # Everything from this repo will be ran in this cluster. You trust me right?
      repo: "https://github.com/rancher/fleet-examples"
      paths:
      - simple
    EOF

    kubectl apply -f example.yaml

    Get Status​

    Get status of what fleet is doing

    kubectl -n fleet-local get fleet

    You should see something like this get created in your cluster.

    kubectl get deploy frontend
    NAME       READY   UP-TO-DATE   AVAILABLE   AGE
    frontend   3/3     3            3           116m

    Enjoy and read the docs.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +things to your cluster.

    brew install helm

    Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet-crd https://github.com/rancher/fleet/releases/download/v0.6.0-rc.4/fleet-crd-0.6.0-rc.4.tgz
    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet https://github.com/rancher/fleet/releases/download/v0.6.0-rc.4/fleet-0.6.0-rc.4.tgz

    Add a Git Repo to watch​

    Change spec.repo to your git repo of choice. Kubernetes manifest files that should +be deployed should be in /manifests in your repo.

    cat > example.yaml << "EOF"
    apiVersion: fleet.cattle.io/v1alpha1
    kind: GitRepo
    metadata:
      name: sample
      # This namespace is special and auto-wired to deploy to the local cluster
      namespace: fleet-local
    spec:
      # Everything from this repo will be ran in this cluster. You trust me right?
      repo: "https://github.com/rancher/fleet-examples"
      paths:
      - simple
    EOF

    kubectl apply -f example.yaml

    Get Status​

    Get status of what fleet is doing

    kubectl -n fleet-local get fleet

    You should see something like this get created in your cluster.

    kubectl get deploy frontend
    NAME       READY   UP-TO-DATE   AVAILABLE   AGE
    frontend   3/3     3            3           116m

    Enjoy and read the docs.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/ref-bundle-stages.html b/ref-bundle-stages.html index edfafbe2f..4319436e9 100644 --- a/ref-bundle-stages.html +++ b/ref-bundle-stages.html @@ -4,13 +4,13 @@ Bundle Rendering Stages | Fleet - +
    -
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/ref-components.html b/ref-components.html index 9b11121f8..5146d7751 100644 --- a/ref-components.html +++ b/ref-components.html @@ -4,13 +4,13 @@ Components | Fleet - +
    -
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/ref-configuration.html b/ref-configuration.html index ba417fc56..74872bc18 100644 --- a/ref-configuration.html +++ b/ref-configuration.html @@ -4,13 +4,13 @@ Configuration | Fleet - +
    -
    Version: Next 🚧

    Configuration

    A reference list of, mostly internal, configuration options.

    Helm Charts​

    The Helm charts accept, at least, the options as shown with their default in values.yaml:

    Environment Variables​

    The controllers can be started with these environment variables:

    • CATTLE_DEV_MODE - used to debug wrangler, not usable
    • FLEET_CLUSTER_ENQUEUE_DELAY - tune how often non-ready clusters are checked
    • FLEET_CPU_PPROF_PERIOD - used to turn on performance profiling

    Configuration​

    In cluster configuration for the agent and fleet manager. Changing these can lead to full re-deployments.

    The config struct is used in both config maps:

    • cattle-fleet-system/fleet-agent
    • cattle-fleet-system/fleet-controller

    Labels​

    Labels used by fleet:

    • fleet.cattle.io/agent=true - NodeSelector label for agent's deployment affinity setting
    • fleet.cattle.io/non-managed-agent - managed agent bundle won't target Clusters with this label
    • fleet.cattle.io/repo-name - used on Bundle to reference the git repo resource
    • fleet.cattle.io/bundle-namespace - used on BundleDeployment to reference the Bundle resource
    • fleet.cattle.io/bundle-name - used on BundleDeployment to reference the Bundle resource
    • fleet.cattle.io/managed=true - cluster namespaces with this label will be cleaned up. Other resources will be cleaned up if it is in a label. Used in Rancher to identify fleet namespaces.
    • fleet.cattle.io/bootstrap-token - unused

    Annotations​

    Annotations used by fleet:

    • fleet.cattle.io/agent-namespace
    • fleet.cattle.io/bundle-id
    • fleet.cattle.io/cluster, fleet.cattle.io/cluster-namespace - if present on a Cluster, the namespace won't be cleaned up
    • fleet.cattle.io/cluster, fleet.cattle.io/cluster-namespace - used on a cluster namespace to reference the cluster registration namespace
    • fleet.cattle.io/cluster-group
    • fleet.cattle.io/cluster-registration-namespace
    • fleet.cattle.io/cluster-registration
    • fleet.cattle.io/commit
    • fleet.cattle.io/managed - appears unused
    • fleet.cattle.io/service-account
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Version: Next 🚧

    Configuration

    A reference list of, mostly internal, configuration options.

    Helm Charts​

    The Helm charts accept, at least, the options as shown with their default in values.yaml:

    Environment Variables​

    The controllers can be started with these environment variables:

    • CATTLE_DEV_MODE - used to debug wrangler, not usable
    • FLEET_CLUSTER_ENQUEUE_DELAY - tune how often non-ready clusters are checked
    • FLEET_CPU_PPROF_PERIOD - used to turn on performance profiling

    Configuration​

    In cluster configuration for the agent and fleet manager. Changing these can lead to full re-deployments.

    The config struct is used in both config maps:

    • cattle-fleet-system/fleet-agent
    • cattle-fleet-system/fleet-controller

    Labels​

    Labels used by fleet:

    • fleet.cattle.io/agent=true - NodeSelector label for agent's deployment affinity setting
    • fleet.cattle.io/non-managed-agent - managed agent bundle won't target Clusters with this label
    • fleet.cattle.io/repo-name - used on Bundle to reference the git repo resource
    • fleet.cattle.io/bundle-namespace - used on BundleDeployment to reference the Bundle resource
    • fleet.cattle.io/bundle-name - used on BundleDeployment to reference the Bundle resource
    • fleet.cattle.io/managed=true - cluster namespaces with this label will be cleaned up. Other resources will be cleaned up if it is in a label. Used in Rancher to identify fleet namespaces.
    • fleet.cattle.io/bootstrap-token - unused

    Annotations​

    Annotations used by fleet:

    • fleet.cattle.io/agent-namespace
    • fleet.cattle.io/bundle-id
    • fleet.cattle.io/cluster, fleet.cattle.io/cluster-namespace - if present on a Cluster, the namespace won't be cleaned up
    • fleet.cattle.io/cluster, fleet.cattle.io/cluster-namespace - used on a cluster namespace to reference the cluster registration namespace
    • fleet.cattle.io/cluster-group
    • fleet.cattle.io/cluster-registration-namespace
    • fleet.cattle.io/cluster-registration
    • fleet.cattle.io/commit
    • fleet.cattle.io/managed - appears unused
    • fleet.cattle.io/service-account
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/ref-crd-gitrepo.html b/ref-crd-gitrepo.html index 5a61bf835..832f2de81 100644 --- a/ref-crd-gitrepo.html +++ b/ref-crd-gitrepo.html @@ -4,13 +4,13 @@ GitRepo CRD | Fleet - +
    -
    Version: Next 🚧

    GitRepo CRD

    The GitRepo resource describes git repositories, how to access them and where the bundles are located.

    A full reference with explanations can be found in Adding a GitRepo.

    The content of the resource corresponds to the GitRepoSpec.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Version: Next 🚧

    GitRepo CRD

    The GitRepo resource describes git repositories, how to access them and where the bundles are located.

    A full reference with explanations can be found in Adding a GitRepo.

    The content of the resource corresponds to the GitRepoSpec.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/ref-crds.html b/ref-crds.html index b3af173b2..87ad23d67 100644 --- a/ref-crds.html +++ b/ref-crds.html @@ -4,13 +4,13 @@ Custom Resources | Fleet - +
    -
    Version: Next 🚧

    Custom Resources

    Sub Resources

    GitRepo​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specGitRepoSpecfalse
    statusGitRepoStatusfalse

    Back to Custom Resources

    GitRepoDisplay​

    FieldDescriptionSchemeRequired
    readyBundleDeploymentsstringfalse
    statestringfalse
    messagestringfalse
    errorboolfalse

    Back to Custom Resources

    GitRepoResource​

    FieldDescriptionSchemeRequired
    apiVersionstringfalse
    kindstringfalse
    typestringfalse
    idstringfalse
    namespacestringfalse
    namestringfalse
    incompleteStateboolfalse
    statestringfalse
    errorboolfalse
    transitioningboolfalse
    messagestringfalse
    perClusterState[][ResourcePerClusterState](#resourceperclusterstate)false

    Back to Custom Resources

    GitRepoResourceCounts​

    FieldDescriptionSchemeRequired
    readyinttrue
    desiredReadyinttrue
    waitAppliedinttrue
    modifiedinttrue
    orphanedinttrue
    missinginttrue
    unknowninttrue
    notReadyinttrue

    Back to Custom Resources

    GitRepoRestriction​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    defaultServiceAccountstringfalse
    allowedServiceAccounts[]stringfalse
    allowedRepoPatterns[]stringfalse
    defaultClientSecretNamestringfalse
    allowedClientSecretNames[]stringfalse
    allowedTargetNamespaces[]stringfalse

    Back to Custom Resources

    GitRepoSpec​

    FieldDescriptionSchemeRequired
    repoRepo is a URL to a git repo to clone and indexstringfalse
    branchBranch The git branch to followstringfalse
    revisionRevision A specific commit or tag to operate onstringfalse
    targetNamespaceEnsure that all resources are created in this namespace Any cluster scoped resource will be rejected if this is set Additionally this namespace will be created on demandstringfalse
    clientSecretNameClientSecretName is the client secret to be used to connect to the repo It is expected the secret be of type \"kubernetes.io/basic-auth\" or \"kubernetes.io/ssh-auth\".stringfalse
    helmSecretNameHelmSecretName contains the auth secret for private helm repositorystringfalse
    caBundleCABundle is a PEM encoded CA bundle which will be used to validate the repo's certificate.[]bytefalse
    insecureSkipTLSVerifyInsecureSkipTLSverify will use insecure HTTPS to clone the repo.boolfalse
    pathsPaths is the directories relative to the git repo root that contain resources to be applied. Path globbing is support, for example [\"charts/*\"] will match all folders as a subdirectory of charts/ If empty, \"/\" is the default[]stringfalse
    pausedPaused this cause changes in Git to not be propagated down to the clusters but instead mark resources as OutOfSyncboolfalse
    serviceAccountServiceAccount used in the downstream cluster for deploymentstringfalse
    targetsTargets is a list of target this repo will deploy to[][GitTarget](#gittarget)false
    pollingIntervalPollingInterval is how often to check git for new updates*metav1.Durationfalse
    forceSyncGenerationIncrement this number to force a redeployment of contents from Gitint64false
    imageScanIntervalImageScanInterval is the interval of syncing scanned images and writing back to git repo*metav1.Durationfalse
    imageScanCommitCommit specifies how to commit to the git repo when new image is scanned and write back to git repoCommitSpecfalse

    Back to Custom Resources

    GitRepoStatus​

    FieldDescriptionSchemeRequired
    observedGenerationint64true
    commitstringfalse
    readyClustersinttrue
    desiredReadyClustersinttrue
    gitJobStatusstringfalse
    summaryBundleSummaryfalse
    displayGitRepoDisplayfalse
    conditions[]genericcondition.GenericConditionfalse
    resources[][GitRepoResource](#gitreporesource)false
    resourceCountsGitRepoResourceCountsfalse
    resourceErrors[]stringfalse
    lastSyncedImageScanTimemetav1.Timefalse

    Back to Custom Resources

    GitTarget​

    FieldDescriptionSchemeRequired
    namestringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    ResourcePerClusterState​

    FieldDescriptionSchemeRequired
    statestringfalse
    errorboolfalse
    transitioningboolfalse
    messagestringfalse
    patch*GenericMapfalse
    clusterIdstringfalse

    Back to Custom Resources

    Bundle​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specBundleSpectrue
    statusBundleStatustrue

    Back to Custom Resources

    BundleDeployment​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specBundleDeploymentSpecfalse
    statusBundleDeploymentStatusfalse

    Back to Custom Resources

    BundleDeploymentDisplay​

    FieldDescriptionSchemeRequired
    deployedstringfalse
    monitoredstringfalse
    statestringfalse

    Back to Custom Resources

    BundleDeploymentOptions​

    FieldDescriptionSchemeRequired
    defaultNamespacestringfalse
    namespacestringfalse
    kustomize*KustomizeOptionsfalse
    helm*HelmOptionsfalse
    serviceAccountstringfalse
    forceSyncGenerationint64false
    yaml*YAMLOptionsfalse
    diff*DiffOptionsfalse

    Back to Custom Resources

    BundleDeploymentSpec​

    FieldDescriptionSchemeRequired
    stagedOptionsBundleDeploymentOptionsfalse
    stagedDeploymentIDstringfalse
    optionsBundleDeploymentOptionsfalse
    deploymentIDstringfalse
    dependsOn[][BundleRef](#bundleref)false

    Back to Custom Resources

    BundleDeploymentStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    appliedDeploymentIDstringfalse
    releasestringfalse
    readyboolfalse
    nonModifiedboolfalse
    nonReadyStatus[][NonReadyStatus](#nonreadystatus)false
    modifiedStatus[][ModifiedStatus](#modifiedstatus)false
    displayBundleDeploymentDisplayfalse
    syncGeneration*int64false

    Back to Custom Resources

    BundleDisplay​

    FieldDescriptionSchemeRequired
    readyClustersstringfalse
    statestringfalse

    Back to Custom Resources

    BundleNamespaceMapping​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    bundleSelector*metav1.LabelSelectorfalse
    namespaceSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    BundleRef​

    FieldDescriptionSchemeRequired
    namestringfalse
    selector*metav1.LabelSelectorfalse

    Back to Custom Resources

    BundleResource​

    FieldDescriptionSchemeRequired
    namestringfalse
    contentstringfalse
    encodingstringfalse

    Back to Custom Resources

    BundleSpec​

    FieldDescriptionSchemeRequired
    BundleDeploymentOptionsBundleDeploymentOptionsfalse
    pausedboolfalse
    rolloutStrategy*RolloutStrategyfalse
    resources[][BundleResource](#bundleresource)false
    targets[][BundleTarget](#bundletarget)false
    targetRestrictions[][BundleTargetRestriction](#bundletargetrestriction)false
    dependsOn[][BundleRef](#bundleref)false

    Back to Custom Resources

    BundleStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    summaryBundleSummaryfalse
    newlyCreatedintfalse
    unavailableinttrue
    unavailablePartitionsinttrue
    maxUnavailableinttrue
    maxUnavailablePartitionsinttrue
    maxNewintfalse
    partitions[][PartitionStatus](#partitionstatus)false
    displayBundleDisplayfalse
    resourceKey[][ResourceKey](#resourcekey)false
    observedGenerationint64true

    Back to Custom Resources

    BundleSummary​

    FieldDescriptionSchemeRequired
    notReadyintfalse
    waitAppliedintfalse
    errAppliedintfalse
    outOfSyncintfalse
    modifiedintfalse
    readyinttrue
    pendingintfalse
    desiredReadyinttrue
    nonReadyResources[][NonReadyResource](#nonreadyresource)false

    Back to Custom Resources

    BundleTarget​

    FieldDescriptionSchemeRequired
    BundleDeploymentOptionsBundleDeploymentOptionsfalse
    namestringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    BundleTargetRestriction​

    FieldDescriptionSchemeRequired
    namestringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    ComparePatch​

    FieldDescriptionSchemeRequired
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse
    operations[][Operation](#operation)false
    jsonPointers[]stringfalse

    Back to Custom Resources

    ConfigMapKeySelector​

    FieldDescriptionSchemeRequired
    namespacestringfalse
    keystringfalse

    Back to Custom Resources

    Content​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    content[]bytefalse

    Back to Custom Resources

    DiffOptions​

    FieldDescriptionSchemeRequired
    comparePatches[][ComparePatch](#comparepatch)false

    Back to Custom Resources

    HelmOptions​

    FieldDescriptionSchemeRequired
    chartstringfalse
    repostringfalse
    releaseNamestringfalse
    versionstringfalse
    timeoutSecondsintfalse
    values*GenericMapfalse
    valuesFrom[][ValuesFrom](#valuesfrom)false
    forceboolfalse
    takeOwnershipboolfalse
    maxHistoryintfalse
    valuesFiles[]stringfalse
    atomicAtomic sets the --atomic flag when Helm is performing an upgradeboolfalse

    Back to Custom Resources

    KustomizeOptions​

    FieldDescriptionSchemeRequired
    dirstringfalse

    Back to Custom Resources

    LocalObjectReference​

    FieldDescriptionSchemeRequired
    namestringtrue

    Back to Custom Resources

    ModifiedStatus​

    FieldDescriptionSchemeRequired
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse
    missingboolfalse
    deleteboolfalse
    patchstringfalse

    Back to Custom Resources

    NonReadyResource​

    FieldDescriptionSchemeRequired
    namestringfalse
    bundleStateBundleStatefalse
    messagestringfalse
    modifiedStatus[][ModifiedStatus](#modifiedstatus)false
    nonReadyStatus[][NonReadyStatus](#nonreadystatus)false

    Back to Custom Resources

    NonReadyStatus​

    FieldDescriptionSchemeRequired
    uidtypes.UIDfalse
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse
    summarysummary.Summaryfalse

    Back to Custom Resources

    Operation​

    FieldDescriptionSchemeRequired
    opstringfalse
    pathstringfalse
    valuestringfalse

    Back to Custom Resources

    Partition​

    FieldDescriptionSchemeRequired
    namestringfalse
    maxUnavailable*intstr.IntOrStringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    PartitionStatus​

    FieldDescriptionSchemeRequired
    namestringfalse
    countintfalse
    maxUnavailableintfalse
    unavailableintfalse
    summaryBundleSummaryfalse

    Back to Custom Resources

    ResourceKey​

    FieldDescriptionSchemeRequired
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse

    Back to Custom Resources

    RolloutStrategy​

    FieldDescriptionSchemeRequired
    maxUnavailable*intstr.IntOrStringfalse
    maxUnavailablePartitions*intstr.IntOrStringfalse
    autoPartitionSize*intstr.IntOrStringfalse
    partitions[][Partition](#partition)false

    Back to Custom Resources

    SecretKeySelector​

    FieldDescriptionSchemeRequired
    namespacestringfalse
    keystringfalse

    Back to Custom Resources

    ValuesFrom​

    Define helm values that can come from configmap, secret or external. Credit: https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439

    FieldDescriptionSchemeRequired
    configMapKeyRefThe reference to a config map with release values.*ConfigMapKeySelectorfalse
    secretKeyRefThe reference to a secret with release values.*SecretKeySelectorfalse

    Back to Custom Resources

    YAMLOptions​

    FieldDescriptionSchemeRequired
    overlays[]stringfalse

    Back to Custom Resources

    AlphabeticalPolicy​

    AlphabeticalPolicy specifices a alphabetical ordering policy.

    FieldDescriptionSchemeRequired
    orderOrder specifies the sorting order of the tags. Given the letters of the alphabet as tags, ascending order would select Z, and descending order would select A.stringfalse

    Back to Custom Resources

    CommitSpec​

    CommitSpec specifies how to commit changes to the git repository

    FieldDescriptionSchemeRequired
    authorNameAuthorName gives the name to provide when making a commitstringtrue
    authorEmailAuthorEmail gives the email to provide when making a commitstringtrue
    messageTemplateMessageTemplate provides a template for the commit message, into which will be interpolated the details of the change made.stringfalse

    Back to Custom Resources

    ImagePolicyChoice​

    ImagePolicyChoice is a union of all the types of policy that can be supplied.

    FieldDescriptionSchemeRequired
    semverSemVer gives a semantic version range to check against the tags available.*SemVerPolicyfalse
    alphabeticalAlphabetical set of rules to use for alphabetical ordering of the tags.*AlphabeticalPolicyfalse

    Back to Custom Resources

    ImageScan​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specImageScanSpecfalse
    statusImageScanStatusfalse

    Back to Custom Resources

    ImageScanSpec​

    API is taken from https://github.com/fluxcd/image-reflector-controller

    FieldDescriptionSchemeRequired
    tagNameTagName is the tag ref that needs to be put in manifest to replace fieldsstringfalse
    gitrepoNameGitRepo reference namestringfalse
    imageImage is the name of the image repositorystringfalse
    intervalInterval is the length of time to wait between scans of the image repository.metav1.Durationfalse
    secretRefSecretRef can be given the name of a secret containing credentials to use for the image registry. The secret should be created with kubectl create secret docker-registry, or the equivalent.*corev1.LocalObjectReferencefalse
    suspendThis flag tells the controller to suspend subsequent image scans. It does not apply to already started scans. Defaults to false.boolfalse
    policyPolicy gives the particulars of the policy to be followed in selecting the most recent imageImagePolicyChoicetrue

    Back to Custom Resources

    ImageScanStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    lastScanTimeLastScanTime is the last time image was scannedmetav1.Timefalse
    latestImageLatestImage gives the first in the list of images scanned by the image repository, when filtered and ordered according to the policy.stringfalse
    latestTagLatest tag is the latest tag filtered by the policystringfalse
    latestDigestLatestDigest is the digest of latest tagstringfalse
    observedGenerationint64false
    canonicalImageNameCannonicalName is the name of the image repository with all the implied bits made explicit; e.g., docker.io/library/alpine rather than alpine.stringfalse

    Back to Custom Resources

    SemVerPolicy​

    SemVerPolicy specifices a semantic version policy.

    FieldDescriptionSchemeRequired
    rangeRange gives a semver range for the image tag; the highest version within the range that's a tag yields the latest image.stringtrue

    Back to Custom Resources

    AgentStatus​

    FieldDescriptionSchemeRequired
    lastSeenmetav1.Timetrue
    namespacestringtrue
    nonReadyNodesinttrue
    readyNodesinttrue
    nonReadyNodeNamesAt most 3 nodes[]stringtrue
    readyNodeNamesAt most 3 nodes[]stringtrue

    Back to Custom Resources

    Cluster​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterSpecfalse
    statusClusterStatusfalse

    Back to Custom Resources

    ClusterDisplay​

    FieldDescriptionSchemeRequired
    readyBundlesstringfalse
    readyNodesstringfalse
    sampleNodestringfalse
    statestringfalse

    Back to Custom Resources

    ClusterGroup​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterGroupSpectrue
    statusClusterGroupStatustrue

    Back to Custom Resources

    ClusterGroupDisplay​

    FieldDescriptionSchemeRequired
    readyClustersstringfalse
    readyBundlesstringfalse
    statestringfalse

    Back to Custom Resources

    ClusterGroupSpec​

    FieldDescriptionSchemeRequired
    selector*metav1.LabelSelectorfalse

    Back to Custom Resources

    ClusterGroupStatus​

    FieldDescriptionSchemeRequired
    clusterCountinttrue
    nonReadyClusterCountinttrue
    nonReadyClusters[]stringfalse
    conditions[]genericcondition.GenericConditionfalse
    summaryBundleSummaryfalse
    displayClusterGroupDisplayfalse
    resourceCountsGitRepoResourceCountsfalse

    Back to Custom Resources

    ClusterRegistration​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterRegistrationSpecfalse
    statusClusterRegistrationStatusfalse

    Back to Custom Resources

    ClusterRegistrationSpec​

    FieldDescriptionSchemeRequired
    clientIDstringfalse
    clientRandomstringfalse
    clusterLabelsmap[string]stringfalse

    Back to Custom Resources

    ClusterRegistrationStatus​

    FieldDescriptionSchemeRequired
    clusterNamestringfalse
    grantedboolfalse

    Back to Custom Resources

    ClusterRegistrationToken​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterRegistrationTokenSpecfalse
    statusClusterRegistrationTokenStatusfalse

    Back to Custom Resources

    ClusterRegistrationTokenSpec​

    FieldDescriptionSchemeRequired
    ttl*metav1.Durationfalse

    Back to Custom Resources

    ClusterRegistrationTokenStatus​

    FieldDescriptionSchemeRequired
    expires*metav1.Timefalse
    secretNamestringfalse

    Back to Custom Resources

    ClusterSpec​

    FieldDescriptionSchemeRequired
    pausedboolfalse
    clientIDstringfalse
    kubeConfigSecretstringfalse
    redeployAgentGenerationint64false
    agentEnvVars[]v1.EnvVarfalse
    agentNamespaceAgentNamespace defaults to the system namespace, e.g. cattle-fleet-systemstringfalse
    privateRepoURLstringfalse

    Back to Custom Resources

    ClusterStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    namespaceNamespace is the cluster namespace, it contains the clusters service account as well as any bundledeployments. Example: \"cluster-fleet-local-cluster-294db1acfa77-d9ccf852678f\"stringfalse
    summaryBundleSummaryfalse
    resourceCountsGitRepoResourceCountsfalse
    readyGitReposinttrue
    desiredReadyGitReposinttrue
    agentEnvVarsHashstringfalse
    agentPrivateRepoURLstringfalse
    agentDeployedGeneration*int64false
    agentMigratedboolfalse
    agentNamespaceMigratedboolfalse
    cattleNamespaceMigratedboolfalse
    displayClusterDisplayfalse
    agentAgentStatusfalse

    Back to Custom Resources

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Version: Next 🚧

    Custom Resources

    Sub Resources

    GitRepo​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specGitRepoSpecfalse
    statusGitRepoStatusfalse

    Back to Custom Resources

    GitRepoDisplay​

    FieldDescriptionSchemeRequired
    readyBundleDeploymentsstringfalse
    statestringfalse
    messagestringfalse
    errorboolfalse

    Back to Custom Resources

    GitRepoResource​

    FieldDescriptionSchemeRequired
    apiVersionstringfalse
    kindstringfalse
    typestringfalse
    idstringfalse
    namespacestringfalse
    namestringfalse
    incompleteStateboolfalse
    statestringfalse
    errorboolfalse
    transitioningboolfalse
    messagestringfalse
    perClusterState[][ResourcePerClusterState](#resourceperclusterstate)false

    Back to Custom Resources

    GitRepoResourceCounts​

    FieldDescriptionSchemeRequired
    readyinttrue
    desiredReadyinttrue
    waitAppliedinttrue
    modifiedinttrue
    orphanedinttrue
    missinginttrue
    unknowninttrue
    notReadyinttrue

    Back to Custom Resources

    GitRepoRestriction​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    defaultServiceAccountstringfalse
    allowedServiceAccounts[]stringfalse
    allowedRepoPatterns[]stringfalse
    defaultClientSecretNamestringfalse
    allowedClientSecretNames[]stringfalse
    allowedTargetNamespaces[]stringfalse

    Back to Custom Resources

    GitRepoSpec​

    FieldDescriptionSchemeRequired
    repoRepo is a URL to a git repo to clone and indexstringfalse
    branchBranch The git branch to followstringfalse
    revisionRevision A specific commit or tag to operate onstringfalse
    targetNamespaceEnsure that all resources are created in this namespace Any cluster scoped resource will be rejected if this is set Additionally this namespace will be created on demandstringfalse
    clientSecretNameClientSecretName is the client secret to be used to connect to the repo It is expected the secret be of type \"kubernetes.io/basic-auth\" or \"kubernetes.io/ssh-auth\".stringfalse
    helmSecretNameHelmSecretName contains the auth secret for private helm repositorystringfalse
    caBundleCABundle is a PEM encoded CA bundle which will be used to validate the repo's certificate.[]bytefalse
    insecureSkipTLSVerifyInsecureSkipTLSverify will use insecure HTTPS to clone the repo.boolfalse
    pathsPaths is the directories relative to the git repo root that contain resources to be applied. Path globbing is support, for example [\"charts/*\"] will match all folders as a subdirectory of charts/ If empty, \"/\" is the default[]stringfalse
    pausedPaused this cause changes in Git to not be propagated down to the clusters but instead mark resources as OutOfSyncboolfalse
    serviceAccountServiceAccount used in the downstream cluster for deploymentstringfalse
    targetsTargets is a list of target this repo will deploy to[][GitTarget](#gittarget)false
    pollingIntervalPollingInterval is how often to check git for new updates*metav1.Durationfalse
    forceSyncGenerationIncrement this number to force a redeployment of contents from Gitint64false
    imageScanIntervalImageScanInterval is the interval of syncing scanned images and writing back to git repo*metav1.Durationfalse
    imageScanCommitCommit specifies how to commit to the git repo when new image is scanned and write back to git repoCommitSpecfalse

    Back to Custom Resources

    GitRepoStatus​

    FieldDescriptionSchemeRequired
    observedGenerationint64true
    commitstringfalse
    readyClustersinttrue
    desiredReadyClustersinttrue
    gitJobStatusstringfalse
    summaryBundleSummaryfalse
    displayGitRepoDisplayfalse
    conditions[]genericcondition.GenericConditionfalse
    resources[][GitRepoResource](#gitreporesource)false
    resourceCountsGitRepoResourceCountsfalse
    resourceErrors[]stringfalse
    lastSyncedImageScanTimemetav1.Timefalse

    Back to Custom Resources

    GitTarget​

    FieldDescriptionSchemeRequired
    namestringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    ResourcePerClusterState​

    FieldDescriptionSchemeRequired
    statestringfalse
    errorboolfalse
    transitioningboolfalse
    messagestringfalse
    patch*GenericMapfalse
    clusterIdstringfalse

    Back to Custom Resources

    Bundle​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specBundleSpectrue
    statusBundleStatustrue

    Back to Custom Resources

    BundleDeployment​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specBundleDeploymentSpecfalse
    statusBundleDeploymentStatusfalse

    Back to Custom Resources

    BundleDeploymentDisplay​

    FieldDescriptionSchemeRequired
    deployedstringfalse
    monitoredstringfalse
    statestringfalse

    Back to Custom Resources

    BundleDeploymentOptions​

    FieldDescriptionSchemeRequired
    defaultNamespacestringfalse
    namespacestringfalse
    kustomize*KustomizeOptionsfalse
    helm*HelmOptionsfalse
    serviceAccountstringfalse
    forceSyncGenerationint64false
    yaml*YAMLOptionsfalse
    diff*DiffOptionsfalse

    Back to Custom Resources

    BundleDeploymentSpec​

    FieldDescriptionSchemeRequired
    stagedOptionsBundleDeploymentOptionsfalse
    stagedDeploymentIDstringfalse
    optionsBundleDeploymentOptionsfalse
    deploymentIDstringfalse
    dependsOn[][BundleRef](#bundleref)false

    Back to Custom Resources

    BundleDeploymentStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    appliedDeploymentIDstringfalse
    releasestringfalse
    readyboolfalse
    nonModifiedboolfalse
    nonReadyStatus[][NonReadyStatus](#nonreadystatus)false
    modifiedStatus[][ModifiedStatus](#modifiedstatus)false
    displayBundleDeploymentDisplayfalse
    syncGeneration*int64false

    Back to Custom Resources

    BundleDisplay​

    FieldDescriptionSchemeRequired
    readyClustersstringfalse
    statestringfalse

    Back to Custom Resources

    BundleNamespaceMapping​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    bundleSelector*metav1.LabelSelectorfalse
    namespaceSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    BundleRef​

    FieldDescriptionSchemeRequired
    namestringfalse
    selector*metav1.LabelSelectorfalse

    Back to Custom Resources

    BundleResource​

    FieldDescriptionSchemeRequired
    namestringfalse
    contentstringfalse
    encodingstringfalse

    Back to Custom Resources

    BundleSpec​

    FieldDescriptionSchemeRequired
    BundleDeploymentOptionsBundleDeploymentOptionsfalse
    pausedboolfalse
    rolloutStrategy*RolloutStrategyfalse
    resources[][BundleResource](#bundleresource)false
    targets[][BundleTarget](#bundletarget)false
    targetRestrictions[][BundleTargetRestriction](#bundletargetrestriction)false
    dependsOn[][BundleRef](#bundleref)false

    Back to Custom Resources

    BundleStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    summaryBundleSummaryfalse
    newlyCreatedintfalse
    unavailableinttrue
    unavailablePartitionsinttrue
    maxUnavailableinttrue
    maxUnavailablePartitionsinttrue
    maxNewintfalse
    partitions[][PartitionStatus](#partitionstatus)false
    displayBundleDisplayfalse
    resourceKey[][ResourceKey](#resourcekey)false
    observedGenerationint64true

    Back to Custom Resources

    BundleSummary​

    FieldDescriptionSchemeRequired
    notReadyintfalse
    waitAppliedintfalse
    errAppliedintfalse
    outOfSyncintfalse
    modifiedintfalse
    readyinttrue
    pendingintfalse
    desiredReadyinttrue
    nonReadyResources[][NonReadyResource](#nonreadyresource)false

    Back to Custom Resources

    BundleTarget​

    FieldDescriptionSchemeRequired
    BundleDeploymentOptionsBundleDeploymentOptionsfalse
    namestringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    BundleTargetRestriction​

    FieldDescriptionSchemeRequired
    namestringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    ComparePatch​

    FieldDescriptionSchemeRequired
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse
    operations[][Operation](#operation)false
    jsonPointers[]stringfalse

    Back to Custom Resources

    ConfigMapKeySelector​

    FieldDescriptionSchemeRequired
    namespacestringfalse
    keystringfalse

    Back to Custom Resources

    Content​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    content[]bytefalse

    Back to Custom Resources

    DiffOptions​

    FieldDescriptionSchemeRequired
    comparePatches[][ComparePatch](#comparepatch)false

    Back to Custom Resources

    HelmOptions​

    FieldDescriptionSchemeRequired
    chartstringfalse
    repostringfalse
    releaseNamestringfalse
    versionstringfalse
    timeoutSecondsintfalse
    values*GenericMapfalse
    valuesFrom[][ValuesFrom](#valuesfrom)false
    forceboolfalse
    takeOwnershipboolfalse
    maxHistoryintfalse
    valuesFiles[]stringfalse
    atomicAtomic sets the --atomic flag when Helm is performing an upgradeboolfalse

    Back to Custom Resources

    KustomizeOptions​

    FieldDescriptionSchemeRequired
    dirstringfalse

    Back to Custom Resources

    LocalObjectReference​

    FieldDescriptionSchemeRequired
    namestringtrue

    Back to Custom Resources

    ModifiedStatus​

    FieldDescriptionSchemeRequired
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse
    missingboolfalse
    deleteboolfalse
    patchstringfalse

    Back to Custom Resources

    NonReadyResource​

    FieldDescriptionSchemeRequired
    namestringfalse
    bundleStateBundleStatefalse
    messagestringfalse
    modifiedStatus[][ModifiedStatus](#modifiedstatus)false
    nonReadyStatus[][NonReadyStatus](#nonreadystatus)false

    Back to Custom Resources

    NonReadyStatus​

    FieldDescriptionSchemeRequired
    uidtypes.UIDfalse
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse
    summarysummary.Summaryfalse

    Back to Custom Resources

    Operation​

    FieldDescriptionSchemeRequired
    opstringfalse
    pathstringfalse
    valuestringfalse

    Back to Custom Resources

    Partition​

    FieldDescriptionSchemeRequired
    namestringfalse
    maxUnavailable*intstr.IntOrStringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    PartitionStatus​

    FieldDescriptionSchemeRequired
    namestringfalse
    countintfalse
    maxUnavailableintfalse
    unavailableintfalse
    summaryBundleSummaryfalse

    Back to Custom Resources

    ResourceKey​

    FieldDescriptionSchemeRequired
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse

    Back to Custom Resources

    RolloutStrategy​

    FieldDescriptionSchemeRequired
    maxUnavailable*intstr.IntOrStringfalse
    maxUnavailablePartitions*intstr.IntOrStringfalse
    autoPartitionSize*intstr.IntOrStringfalse
    partitions[][Partition](#partition)false

    Back to Custom Resources

    SecretKeySelector​

    FieldDescriptionSchemeRequired
    namespacestringfalse
    keystringfalse

    Back to Custom Resources

    ValuesFrom​

    Define helm values that can come from configmap, secret or external. Credit: https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439

    FieldDescriptionSchemeRequired
    configMapKeyRefThe reference to a config map with release values.*ConfigMapKeySelectorfalse
    secretKeyRefThe reference to a secret with release values.*SecretKeySelectorfalse

    Back to Custom Resources

    YAMLOptions​

    FieldDescriptionSchemeRequired
    overlays[]stringfalse

    Back to Custom Resources

    AlphabeticalPolicy​

    AlphabeticalPolicy specifices a alphabetical ordering policy.

    FieldDescriptionSchemeRequired
    orderOrder specifies the sorting order of the tags. Given the letters of the alphabet as tags, ascending order would select Z, and descending order would select A.stringfalse

    Back to Custom Resources

    CommitSpec​

    CommitSpec specifies how to commit changes to the git repository

    FieldDescriptionSchemeRequired
    authorNameAuthorName gives the name to provide when making a commitstringtrue
    authorEmailAuthorEmail gives the email to provide when making a commitstringtrue
    messageTemplateMessageTemplate provides a template for the commit message, into which will be interpolated the details of the change made.stringfalse

    Back to Custom Resources

    ImagePolicyChoice​

    ImagePolicyChoice is a union of all the types of policy that can be supplied.

    FieldDescriptionSchemeRequired
    semverSemVer gives a semantic version range to check against the tags available.*SemVerPolicyfalse
    alphabeticalAlphabetical set of rules to use for alphabetical ordering of the tags.*AlphabeticalPolicyfalse

    Back to Custom Resources

    ImageScan​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specImageScanSpecfalse
    statusImageScanStatusfalse

    Back to Custom Resources

    ImageScanSpec​

    API is taken from https://github.com/fluxcd/image-reflector-controller

    FieldDescriptionSchemeRequired
    tagNameTagName is the tag ref that needs to be put in manifest to replace fieldsstringfalse
    gitrepoNameGitRepo reference namestringfalse
    imageImage is the name of the image repositorystringfalse
    intervalInterval is the length of time to wait between scans of the image repository.metav1.Durationfalse
    secretRefSecretRef can be given the name of a secret containing credentials to use for the image registry. The secret should be created with kubectl create secret docker-registry, or the equivalent.*corev1.LocalObjectReferencefalse
    suspendThis flag tells the controller to suspend subsequent image scans. It does not apply to already started scans. Defaults to false.boolfalse
    policyPolicy gives the particulars of the policy to be followed in selecting the most recent imageImagePolicyChoicetrue

    Back to Custom Resources

    ImageScanStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    lastScanTimeLastScanTime is the last time image was scannedmetav1.Timefalse
    latestImageLatestImage gives the first in the list of images scanned by the image repository, when filtered and ordered according to the policy.stringfalse
    latestTagLatest tag is the latest tag filtered by the policystringfalse
    latestDigestLatestDigest is the digest of latest tagstringfalse
    observedGenerationint64false
    canonicalImageNameCannonicalName is the name of the image repository with all the implied bits made explicit; e.g., docker.io/library/alpine rather than alpine.stringfalse

    Back to Custom Resources

    SemVerPolicy​

    SemVerPolicy specifices a semantic version policy.

    FieldDescriptionSchemeRequired
    rangeRange gives a semver range for the image tag; the highest version within the range that's a tag yields the latest image.stringtrue

    Back to Custom Resources

    AgentStatus​

    FieldDescriptionSchemeRequired
    lastSeenmetav1.Timetrue
    namespacestringtrue
    nonReadyNodesinttrue
    readyNodesinttrue
    nonReadyNodeNamesAt most 3 nodes[]stringtrue
    readyNodeNamesAt most 3 nodes[]stringtrue

    Back to Custom Resources

    Cluster​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterSpecfalse
    statusClusterStatusfalse

    Back to Custom Resources

    ClusterDisplay​

    FieldDescriptionSchemeRequired
    readyBundlesstringfalse
    readyNodesstringfalse
    sampleNodestringfalse
    statestringfalse

    Back to Custom Resources

    ClusterGroup​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterGroupSpectrue
    statusClusterGroupStatustrue

    Back to Custom Resources

    ClusterGroupDisplay​

    FieldDescriptionSchemeRequired
    readyClustersstringfalse
    readyBundlesstringfalse
    statestringfalse

    Back to Custom Resources

    ClusterGroupSpec​

    FieldDescriptionSchemeRequired
    selector*metav1.LabelSelectorfalse

    Back to Custom Resources

    ClusterGroupStatus​

    FieldDescriptionSchemeRequired
    clusterCountinttrue
    nonReadyClusterCountinttrue
    nonReadyClusters[]stringfalse
    conditions[]genericcondition.GenericConditionfalse
    summaryBundleSummaryfalse
    displayClusterGroupDisplayfalse
    resourceCountsGitRepoResourceCountsfalse

    Back to Custom Resources

    ClusterRegistration​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterRegistrationSpecfalse
    statusClusterRegistrationStatusfalse

    Back to Custom Resources

    ClusterRegistrationSpec​

    FieldDescriptionSchemeRequired
    clientIDstringfalse
    clientRandomstringfalse
    clusterLabelsmap[string]stringfalse

    Back to Custom Resources

    ClusterRegistrationStatus​

    FieldDescriptionSchemeRequired
    clusterNamestringfalse
    grantedboolfalse

    Back to Custom Resources

    ClusterRegistrationToken​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterRegistrationTokenSpecfalse
    statusClusterRegistrationTokenStatusfalse

    Back to Custom Resources

    ClusterRegistrationTokenSpec​

    FieldDescriptionSchemeRequired
    ttl*metav1.Durationfalse

    Back to Custom Resources

    ClusterRegistrationTokenStatus​

    FieldDescriptionSchemeRequired
    expires*metav1.Timefalse
    secretNamestringfalse

    Back to Custom Resources

    ClusterSpec​

    FieldDescriptionSchemeRequired
    pausedboolfalse
    clientIDstringfalse
    kubeConfigSecretstringfalse
    redeployAgentGenerationint64false
    agentEnvVars[]v1.EnvVarfalse
    agentNamespaceAgentNamespace defaults to the system namespace, e.g. cattle-fleet-systemstringfalse
    privateRepoURLstringfalse

    Back to Custom Resources

    ClusterStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    namespaceNamespace is the cluster namespace, it contains the clusters service account as well as any bundledeployments. Example: \"cluster-fleet-local-cluster-294db1acfa77-d9ccf852678f\"stringfalse
    summaryBundleSummaryfalse
    resourceCountsGitRepoResourceCountsfalse
    readyGitReposinttrue
    desiredReadyGitReposinttrue
    agentEnvVarsHashstringfalse
    agentPrivateRepoURLstringfalse
    agentDeployedGeneration*int64false
    agentMigratedboolfalse
    agentNamespaceMigratedboolfalse
    cattleNamespaceMigratedboolfalse
    displayClusterDisplayfalse
    agentAgentStatusfalse

    Back to Custom Resources

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/ref-fleet-yaml.html b/ref-fleet-yaml.html index 2dfdf5344..d32f4cf1f 100644 --- a/ref-fleet-yaml.html +++ b/ref-fleet-yaml.html @@ -4,13 +4,13 @@ fleet.yaml | Fleet - +
    -
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/ref-namespaces.html b/ref-namespaces.html index d6cb5e89b..96da7db69 100644 --- a/ref-namespaces.html +++ b/ref-namespaces.html @@ -4,13 +4,13 @@ Namespaces | Fleet - +
    -
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/ref-registration.html b/ref-registration.html index cef554132..14b98d52e 100644 --- a/ref-registration.html +++ b/ref-registration.html @@ -4,14 +4,14 @@ Registration | Fleet - +
    Version: Next 🚧

    Registration

    Detailed analysis of the registration process for clusters. This shows the interaction of controllers, resources and service accounts during the registration of a new downstream cluster or the local cluster. -It's important to note that there are multiple ways to start this:

    • Creating a bootstrap config. Fleet does this for the local agent.
    • Creating a Cluster resource with a kubeconfing. Rancher does this for downstream clusters.
    • Create a Cluster resource with an id.
    • Create a ClusterRegistration resource.

    Registration

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +It's important to note that there are multiple ways to start this:

    • Creating a bootstrap config. Fleet does this for the local agent.
    • Creating a Cluster resource with a kubeconfing. Rancher does this for downstream clusters.
    • Create a Cluster resource with an id.
    • Create a ClusterRegistration resource.

    Registration

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/ref-resources.html b/ref-resources.html index f82094549..62113918e 100644 --- a/ref-resources.html +++ b/ref-resources.html @@ -4,13 +4,13 @@ Resources | Fleet - +
    -
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/search.html b/search.html index 2d76553e0..cd3fac38c 100644 --- a/search.html +++ b/search.html @@ -4,13 +4,13 @@ Search the documentation | Fleet - +

    Search the documentation

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - + \ No newline at end of file diff --git a/single-cluster-install.html b/single-cluster-install.html index 95d42b1aa..655352404 100644 --- a/single-cluster-install.html +++ b/single-cluster-install.html @@ -4,7 +4,7 @@ Single Cluster Install | Fleet - + @@ -17,9 +17,9 @@ use case for production.

    official install instructions. The TL;DR is

    macOS

    brew install helm

    Windows

    choco install kubernetes-helm

    Kubernetes​

    Fleet is a controller running on a Kubernetes cluster so an existing cluster is required. For the single cluster use case you will install Fleet to the cluster which you intend to manage with GitOps. -Any Kubernetes community supported version of Kubernetes will work, in practice this means 1.15 or greater.

    Install​

    Install the following two Helm charts.

    First install the Fleet CustomResourcesDefintions.

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet-crd https://github.com/rancher/fleet/releases/download/v0.6.0-alpha2/fleet-crd-0.6.0-alpha2.tgz

    Second install the Fleet controllers.

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet https://github.com/rancher/fleet/releases/download/v0.6.0-alpha2/fleet-0.6.0-alpha2.tgz

    Fleet should be ready to use now for single cluster. You can check the status of the Fleet controller pods by -running the below commands.

    kubectl -n cattle-fleet-system logs -l app=fleet-controller
    kubectl -n cattle-fleet-system get pods -l app=fleet-controller
    NAME                                READY   STATUS    RESTARTS   AGE
    fleet-controller-64f49d756b-n57wq   1/1     Running   0          3m21s

    You can now register some git repos in the fleet-local namespace to start deploying Kubernetes resources.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +Any Kubernetes community supported version of Kubernetes will work, in practice this means 1.15 or greater.

    Install​

    Install the following two Helm charts.

    First install the Fleet CustomResourcesDefintions.

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet-crd https://github.com/rancher/fleet/releases/download/v0.6.0-rc.4/fleet-crd-0.6.0-rc.4.tgz

    Second install the Fleet controllers.

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet https://github.com/rancher/fleet/releases/download/v0.6.0-rc.4/fleet-0.6.0-rc.4.tgz

    Fleet should be ready to use now for single cluster. You can check the status of the Fleet controller pods by +running the below commands.

    kubectl -n cattle-fleet-system logs -l app=fleet-controller
    kubectl -n cattle-fleet-system get pods -l app=fleet-controller
    NAME                                READY   STATUS    RESTARTS   AGE
    fleet-controller-64f49d756b-n57wq   1/1     Running   0          3m21s

    You can now register some git repos in the fleet-local namespace to start deploying Kubernetes resources.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/troubleshooting.html b/troubleshooting.html index 16334ee32..0e35ec15d 100644 --- a/troubleshooting.html +++ b/troubleshooting.html @@ -4,14 +4,14 @@ Troubleshooting | Fleet - +
    Version: Next 🚧

    Troubleshooting

    This section contains commands and tips to troubleshoot Fleet.

    How Do I...​

    Fetch the log from fleet-controller?​

    In the local management cluster where the fleet-controller is deployed, run the following command with your specific fleet-controller pod name filled in:

    $ kubectl logs -l app=fleet-controller -n cattle-fleet-system

    Fetch the log from the fleet-agent?​

    Go to each downstream cluster and run the following command for the local cluster with your specific fleet-agent pod name filled in:

    # Downstream cluster
    $ kubectl logs -l app=fleet-agent -n cattle-fleet-system
    # Local cluster
    $ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system

    Fetch detailed error logs from GitRepos and Bundles?​

    Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:

    • For more information about the bundle, click on bundle, and the YAML mode will be enabled.
    • For more information about the GitRepo, click on GitRepo, then click on View Yaml in the upper right of the screen. After viewing the YAML, check status.conditions; a detailed error message should be displayed here.
    • Check the fleet-controller for synching errors.
    • Check the fleet-agent log in the downstream cluster if you encounter issues when deploying the bundle.

    Check a chart rendering error in Kustomize?​

    Check the fleet-controller logs and the fleet-agent logs.

    Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?​

    Check the gitjob-controller logs using the following command with your specific gitjob pod name filled in:

    $ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system

    Note that there are two containers inside the pod: the step-git-source container that clones the git repo, and the fleet container that applies bundles based on the git repo.

    The pods will usually have images named rancher/tekton-utils with the gitRepo name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific gitRepoName pod name and namespace:

    $ kubectl logs -f $gitRepoName-pod-name -n namespace

    Check the status of the fleet-controller?​

    You can check the status of the fleet-controller pods by running the commands below:

    kubectl -n cattle-fleet-system logs -l app=fleet-controller
    kubectl -n cattle-fleet-system get pods -l app=fleet-controller
    NAME                                READY   STATUS    RESTARTS   AGE
    fleet-controller-64f49d756b-n57wq   1/1     Running   0          3m21s

    Migrate the local cluster to the Fleet default cluster?​

    For users who want to deploy to the local cluster as well, they may move the cluster from fleet-local to fleet-default in the Rancher UI as follows:

    • To get to Fleet in Rancher, click ☰ > Continuous Delivery.
    • Under the Clusters menu, select the local cluster by checking the box to the left.
    • Select Assign to from the tabs above the cluster.
    • Select fleet-default from the Assign Cluster To dropdown.

    Result: The cluster will be migrated to fleet-default.

    Enable debug logging for fleet-controller and fleet-agent?​

    Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added.

    • Go to the Dashboard, then click on the local cluster in the left navigation menu
    • Select Apps & Marketplace, then Installed Apps from the dropdown
    • From there, you will upgrade the Fleet chart with the value debug=true. You can also set debugLevel=5 if desired.

    Additional Solutions for Other Fleet Issues​

    Naming conventions for CRDs​

    1. For CRD terms like clusters and gitrepos, you must reference the full CRD name. For example, the cluster CRD's complete name is cluster.fleet.cattle.io, and the gitrepo CRD's complete name is gitrepo.fleet.cattle.io.

    2. Bundles, which are created from the GitRepo, follow the pattern $gitrepoName-$path in the same workspace/namespace where the GitRepo was created. Note that $path is the path directory in the git repository that contains the bundle (fleet.yaml).

    3. BundleDeployments, which are created from the bundle, follow the pattern $bundleName-$clusterName in the namespace clusters-$workspace-$cluster-$generateHash. Note that $clusterName is the cluster to which the bundle will be deployed.

    HTTP secrets in Github​

    When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:

    1. Create a personal access token in Github.
    2. In Rancher, create an HTTP secret with your Github username.
    3. Use your token as the secret.

    Fleet fails with bad response code: 403​

    If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your fleet.yaml:

    time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"

    Perform the following steps to assess:

    • Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully
    • Check that your credentials for the git repo are valid

    Helm chart repo: certificate signed by unknown authority​

    If your GitJob returns the error below, you may have added the wrong certificate chain:

    time="2021-11-11T05:55:08Z" level=fatal msg="Get \"https://helm.intra/virtual-helm/index.yaml\": x509: certificate signed by unknown authority"

    Please verify your certificate with the following command:

    context=playground-local
    kubectl get secret -n fleet-default helm-repo -o jsonpath="{['data']['cacerts']}" --context $context | base64 -d | openssl x509 -text -noout
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71
            Signature Algorithm: sha512WithRSAEncryption
            Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3
    ...

    Fleet deployment stuck in modified state​

    When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.

    To ignore the modified flag for the differences between the Helm install generated by fleet.yaml and the resource in your cluster, add a diff.comparePatches to the fleet.yaml for your Deployment, as shown in this example:

    defaultNamespace: <namespace name> 
    helm:  
      releaseName: <release name>  
      repo: <repo name> 
      chart: <chart name>
    diff:  
      comparePatches:  
      - apiVersion: apps/v1
        kind: Deployment
        operations:
        - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}
        - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}
        jsonPointers: # jsonPointers allows to ignore diffs at certain json path
        - "/spec/template/spec/priorityClassName"
        - "/spec/template/spec/tolerations"

    To determine which operations should be removed, observe the logs from fleet-agent on the target cluster. You should see entries similar to the following:

    level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\"spec\":{\"template\":{\"spec\":{\"hostNetwork\":false}}}}"

    Based on the above log, you can add the following entry to remove the operation:

    {"op":"remove", "path":"/spec/template/spec/hostNetwork"}

    GitRepo or Bundle stuck in modified state​

    Modified means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository.

    1. Check the bundle diffs documentation for more information.

    2. You can also force update the gitrepo to perform a manual resync. Select GitRepo on the left navigation bar, then select Force Update.

    Bundle has a Horizontal Pod Autoscaler (HPA) in modified state​

    For bundles with an HPA, the expected state is Modified, as the bundle contains fields that differ from the state of the Bundle at deployment - usually ReplicaSet.

    You must define a patch in the fleet.yaml to ignore this field according to GitRepo or Bundle stuck in modified state.

    Here is an example of such a patch for the deployment nginx in namespace default:

    diff:
      comparePatches:
      - apiVersion: apps/v1
        kind: Deployment
        name: nginx
        namespace: default
        operations:
        - {"op": "remove", "path": "/spec/replicas"}

    What if the cluster is unavailable, or is in a WaitCheckIn state?​

    You will need to re-import and restart the registration process: Select Cluster on the left navigation bar, then select Force Update

    caution

    WaitCheckIn status for Rancher v2.5: -The cluster will show in WaitCheckIn status because the fleet-controller is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the Rancher docs.

    GitRepo complains with gzip: invalid header​

    When you see an error like the one below ...

    Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header

    ... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content.

    Agent is no longer registered​

    You can force a redeployment of an agent for a given cluster by setting redeployAgentGeneration.

    kubectl patch clusters.fleet.cattle.io -n fleet-local local --type=json -p '[{"op": "add", "path": "/spec/redeployAgentGeneration", "value": -1}]'
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +The cluster will show in WaitCheckIn status because the fleet-controller is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the Rancher docs.

    GitRepo complains with gzip: invalid header​

    When you see an error like the one below ...

    Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header

    ... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content.

    Agent is no longer registered​

    You can force a redeployment of an agent for a given cluster by setting redeployAgentGeneration.

    kubectl patch clusters.fleet.cattle.io -n fleet-local local --type=json -p '[{"op": "add", "path": "/spec/redeployAgentGeneration", "value": -1}]'
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/uninstall.html b/uninstall.html index 21fcbb76b..e7afb005d 100644 --- a/uninstall.html +++ b/uninstall.html @@ -4,15 +4,15 @@ Uninstall | Fleet - +
    Version: Next 🚧

    Uninstall

    Fleet is packaged as two Helm charts so uninstall is accomplished by uninstalling the appropriate Helm charts. To uninstall Fleet run the following -two commands:

    helm -n cattle-fleet-system uninstall fleet
    helm -n cattle-fleet-system uninstall fleet-crd
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +two commands:

    helm -n cattle-fleet-system uninstall fleet
    helm -n cattle-fleet-system uninstall fleet-crd
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file diff --git a/webhook.html b/webhook.html index e66c4cc0e..1758f16a8 100644 --- a/webhook.html +++ b/webhook.html @@ -4,7 +4,7 @@ Webhook | Fleet - + @@ -12,8 +12,8 @@
    Version: Next 🚧

    Webhook

    By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github, GitLab, Bitbucket, Bitbucket Server and Gogs.

    1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service.​

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: webhook-ingress
      namespace: cattle-fleet-system
    spec:
      rules:
      - host: your.domain.com
        http:
          paths:
            - path: /
              pathType: Prefix
              backend:
                service:
                  name: gitjob
                  port:
                    number: 80
    info

    You can configure TLS on ingress.

    2. Go to your webhook provider and configure the webhook callback url. Here is a Github example.​

    Configuring a secret is optional. This is used to validate the webhook payload as the payload should not be trusted by default. If your webhook server is publicly accessible to the Internet, then it is recommended to configure the secret. If you do configure the -secret, follow step 3.

    note

    only application/json is supported due to the limitation of webhook library.

    caution

    If you configured the webhook the polling interval will be automatically adjusted to 1 hour.

    3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.​

    ProviderK8s Secret Key
    GitHubgithub
    GitLabgitlab
    BitBucketbitbucket
    BitBucketServerbitbucket-server
    Gogsgogs

    For example, to create a secret containing a GitHub secret to validate the webhook payload, run:

    kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue

    4. Go to your git provider and test the connection. You should get a HTTP response code.​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - +secret, follow step 3.

    note

    only application/json is supported due to the limitation of webhook library.

    caution

    If you configured the webhook the polling interval will be automatically adjusted to 1 hour.

    3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.​

    ProviderK8s Secret Key
    GitHubgithub
    GitLabgitlab
    BitBucketbitbucket
    BitBucketServerbitbucket-server
    Gogsgogs

    For example, to create a secret containing a GitHub secret to validate the webhook payload, run:

    kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue

    4. Go to your git provider and test the connection. You should get a HTTP response code.​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + \ No newline at end of file